Harden borg-backup.service
We received a bug fix for backup-mysql.sh.j2 which, under the right circumstances, could run rm -rf /* (see also !339 (closed)).
From !339 (comment 16314):
We should harden borg-backup.service, so at worst the scripts can't delete any (important) files. Perhaps ProtectSystem=strict and ReadWritePaths=<something>. I'm not 100% sure it will work though:
ReadWritePaths=, ReadOnlyPaths=, InaccessiblePaths=, ExecPaths=, NoExecPaths=
[...]
Note that these settings will disconnect propagation of mounts from the unit's processes to the host. This means that this setting may not be used for services which shall be able to install mount points in the main mount namespace.
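A drop-in of the kind discussed above, as an added example that is not part of this issue or the project's own configuration. The file location, the repository path /srv/borg-repo and the HOME/cache directory /var/lib/borg are assumptions (placeholders) and have to be replaced with the real layout; the directives themselves are standard systemd.exec settings.

```ini
# Added example, not the project's own unit. Assumed location:
#   /etc/systemd/system/borg-backup.service.d/hardening.conf
# Assumed placeholder paths (replace with the real ones):
#   /srv/borg-repo   the borg repository the backup scripts write to
#   /var/lib/borg    HOME for the service; borg keeps its cache and config here
[Service]
# Mount the entire hierarchy read-only except /dev, /proc and /sys.
# A stray "rm -rf /*" now fails with EROFS everywhere except the paths below.
ProtectSystem=strict
# Make /home, /root and /run/user inaccessible to the service.
ProtectHome=true
# The only writable locations: the repository and borg's own state directory.
ReadWritePaths=/srv/borg-repo /var/lib/borg
# Point borg at the writable state directory (BORG_CACHE_DIR/BORG_CONFIG_DIR
# would work as well); otherwise it would try ~/.cache/borg under ProtectHome.
Environment=HOME=/var/lib/borg
# Private /tmp, so temporary files and their deletion never touch the host's /tmp.
PrivateTmp=true
# Unrelated to the rm -rf bug but cheap: no privilege gain, no kernel knob writes.
NoNewPrivileges=true
ProtectKernelTunables=true
ProtectControlGroups=true
```

After `systemctl daemon-reload`, `systemd-analyze security borg-backup.service` lists which exposure the unit still has; a dry run of the backup then shows whether any path the scripts legitimately write to is missing from ReadWritePaths=. Two caveats: the mount-propagation note quoted from the man page applies because these options put the service in its own mount namespace, which is harmless for a backup script as long as it does not need to mount anything for the host; and ProtectSystem=strict only shrinks the blast radius, since the repository and state directory listed in ReadWritePaths= remain fully deletable by the same bug.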