backup-mysql: ensure rm path never expands to /*
All threads resolved!
All threads resolved!
Merge request reports
Activity
Resolved by Kristian KlausenWe should harden borg-backup.service, so at worst the scripts can't delete any (important) files. Perhaps
ProtectSystem=strictandReadWritePaths=<something>.I'm not 100% sure it will work though:
ReadWritePaths=, ReadOnlyPaths=, InaccessiblePaths=, ExecPaths=, NoExecPaths=
[...]
Note that these settings will disconnect propagation of mounts from the unit's processes to the host. This means that this setting may not be used for services which shall be able to install mount points in the main mount namespace.
Edited by Kristian Klausen- Last reply by Kristian Klausen
mentioned in issue #299
Merged as 0150c1b1.
Please register or sign in to reply