From 930052fe1eda57125cad635f3b98e3680ba6a730 Mon Sep 17 00:00:00 2001 From: Daniel Winzen Date: Sun, 5 Jan 2020 19:31:52 +0100 Subject: [PATCH] BindPaths -> ReadWritePaths for all systemd services --- etc/systemd/system/mariadb.service.d/custom.conf | 8 ++++---- etc/systemd/system/postfix.service.d/custom.conf | 6 +++--- etc/systemd/system/postfix@.service.d/custom.conf | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/etc/systemd/system/mariadb.service.d/custom.conf b/etc/systemd/system/mariadb.service.d/custom.conf index c908517..888d0c1 100644 --- a/etc/systemd/system/mariadb.service.d/custom.conf +++ b/etc/systemd/system/mariadb.service.d/custom.conf @@ -11,8 +11,8 @@ ProtectKernelModules=true ProtectControlGroups=true LockPersonality=true SystemCallArchitectures=native -BindPaths=-/var/log/mysql/ -BindPaths=-/var/lib/mysql/ -BindPaths=-/var/run/mysqld/ -BindPaths=-/run/mysqld/ +ReadWritePaths=-/var/log/mysql/ +ReadWritePaths=-/var/lib/mysql/ +ReadWritePaths=-/var/run/mysqld/ +ReadWritePaths=-/run/mysqld/ InaccessiblePaths=/var/www/ diff --git a/etc/systemd/system/postfix.service.d/custom.conf b/etc/systemd/system/postfix.service.d/custom.conf index f6e4106..696a193 100644 --- a/etc/systemd/system/postfix.service.d/custom.conf +++ b/etc/systemd/system/postfix.service.d/custom.conf @@ -9,6 +9,6 @@ ProtectControlGroups=true LockPersonality=true MemoryDenyWriteExecute=true SystemCallArchitectures=native -BindPaths=/var/spool/ -BindPaths=/var/lib/postfix/ -InaccessiblePaths=/var/www/ +ReadWritePaths=-/var/spool/ +ReadWritePaths=-/var/lib/postfix/ +InaccessiblePaths=-/var/www/ diff --git a/etc/systemd/system/postfix@.service.d/custom.conf b/etc/systemd/system/postfix@.service.d/custom.conf index c82b7f1..637b4f0 100644 --- a/etc/systemd/system/postfix@.service.d/custom.conf +++ b/etc/systemd/system/postfix@.service.d/custom.conf @@ -9,6 +9,6 @@ ProtectControlGroups=true LockPersonality=true MemoryDenyWriteExecute=true SystemCallArchitectures=native -BindPaths=/var/spool/ -BindPaths=/var/lib/ -InaccessiblePaths=/var/www/ +ReadWritePaths=-/var/spool/ +ReadWritePaths=-/var/lib/ +InaccessiblePaths=-/var/www/