scy on Nostr: TIL about #systemd's TemporaryFileSystem, ProtectSystem, ProtectHome, ...
TIL about #systemd's TemporaryFileSystem, ProtectSystem, ProtectHome, InaccessiblePaths, ReadOnlyPaths and a bunch more related options, which allow you to easily set up a #chroot style environment for a service, simply by defining what directories it should have access to right there in the unit file.
Depending on what you need, you can use an allowlist-based approach using TemporaryFileSystem & ReadWritePaths, or a blocklist-based one with InaccessiblePaths.
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html
#Linux
Depending on what you need, you can use an allowlist-based approach using TemporaryFileSystem & ReadWritePaths, or a blocklist-based one with InaccessiblePaths.
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html
#Linux