Make /home, /root and /run/user inaccessible

author Ruben Kerkhof <ruben@rubenkerkhof.com>

Wed, 9 Sep 2015 15:52:53 +0000 (17:52 +0200)

committer Ruben Kerkhof <ruben@rubenkerkhof.com>

Mon, 14 Sep 2015 18:41:33 +0000 (20:41 +0200)
author Ruben Kerkhof <ruben@rubenkerkhof.com>
Wed, 9 Sep 2015 15:52:53 +0000 (17:52 +0200)
committer Ruben Kerkhof <ruben@rubenkerkhof.com>
Mon, 14 Sep 2015 18:41:33 +0000 (20:41 +0200)
diff --git a/contrib/systemd.collectd.service b/contrib/systemd.collectd.service

index 0659133..50820bd 100644 (file)
--- a/contrib/systemd.collectd.service
+++ b/contrib/systemd.collectd.service
@@ -8,6 +8,7 @@ ExecStart=/usr/sbin/collectd
  EnvironmentFile=-/etc/sysconfig/collectd
  EnvironmentFile=-/etc/default/collectd
  ProtectSystem=full
+ProtectHome=true
  
  # Tell systemd it will receive a notification from collectd over it's control
  # socket once the daemon is ready. See systemd.service(5) for more details.
author	Ruben Kerkhof <ruben@rubenkerkhof.com>
	Wed, 9 Sep 2015 15:52:53 +0000 (17:52 +0200)
committer	Ruben Kerkhof <ruben@rubenkerkhof.com>
	Mon, 14 Sep 2015 18:41:33 +0000 (20:41 +0200)