From 40a5150b6e62a113f2de6f28ca189ea376e3e778 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sun, 2 Jun 2019 16:05:47 +0200 Subject: [PATCH] Don't use ProtectHome by default in the systemd unit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some people might put media in /home/…/ --- contrib/airsonic.service | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/airsonic.service b/contrib/airsonic.service index 4754b0a8..fd0d826f 100644 --- a/contrib/airsonic.service +++ b/contrib/airsonic.service @@ -29,7 +29,6 @@ PrivateDevices=yes PrivateTmp=yes PrivateUsers=yes ProtectControlGroups=yes -ProtectHome=true ProtectKernelModules=yes ProtectKernelTunables=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 @@ -44,6 +43,10 @@ ProtectSystem=full #ProtectSystem=strict #ReadWritePaths=/var/airsonic +# You can uncomment the following line if you don't have any media +# in /home/…. This will prevent airsonic from ever read/write anything there. +#ProtectHome=true + # You can uncomment the following line if you're not using the OpenJDK. # This will prevent processes from having a memory zone that is both writeable # and executeable, making hacker's lifes a bit harder.
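Review bot: In the first hunk of contrib/airsonic.service, dropping `ProtectHome=true` outright leaves no default restriction on home directories, so every install gets a service that can both read and write under /home, not only the installs that keep media there. Consider shipping `ProtectHome=read-only` as the default instead: media in /home stays readable, and anyone who needs airsonic to write there can open just that directory with the `ReadWritePaths=` mechanism the unit already mentions for /var/airsonic.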
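Review bot: In the second hunk, the added comment reads "prevent airsonic from ever read/write anything there", which should be "from ever reading or writing anything there". The comment also names only /home/…, while systemd's `ProtectHome=` applies to /root and /run/user as well, so it would help to say so and to mention `ProtectHome=read-only` as an option for people whose media lives in /home but who do not need write access.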