From eb4c5a04ff82962488ae1ea58703d17d88577d25 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 16 Aug 2019 10:48:39 +0200 Subject: [PATCH] Make the systemd unit compatible with tomcat9 - Use ReadWritePaths by default, since it doesn't cause any harm - Rephrase the ProtectSystem comment, to make it more clear - Fix verbs in a comment --- contrib/airsonic.service | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/contrib/airsonic.service b/contrib/airsonic.service index fd0d826f..1e95ecf9 100644 --- a/contrib/airsonic.service +++ b/contrib/airsonic.service @@ -35,16 +35,15 @@ RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictNamespaces=yes RestrictRealtime=yes SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap -ProtectSystem=full +ReadWritePaths=/var/airsonic -# You can uncomment the following line if you don't want airsonic to be able to +# You can change the following line to `strict` instead of `full` +# if you don't want airsonic to be able to # write anything on your filesystem outside of AIRSONIC_HOME. -# Don't forget to remove the other `ProtectSystem` line above. -#ProtectSystem=strict -#ReadWritePaths=/var/airsonic +ProtectSystem=full # You can uncomment the following line if you don't have any media -# in /home/…. This will prevent airsonic from ever read/write anything there. +# in /home/…. This will prevent airsonic from ever reading/writing anything there. #ProtectHome=true # You can uncomment the following line if you're not using the OpenJDK.