From e938c41e5734cb9b9e9633911a8040f5fce50ebb Mon Sep 17 00:00:00 2001 From: Ryan Kavanagh Date: Mon, 21 Aug 2023 10:27:49 -0400 Subject: PrivateTmp=yes prevents systemd services from accessing SSH agent, drop it --- dot_config/systemd/user/backup-irclogs.service | 1 - dot_config/systemd/user/borgmatic@.service | 1 - 2 files changed, 2 deletions(-) diff --git a/dot_config/systemd/user/backup-irclogs.service b/dot_config/systemd/user/backup-irclogs.service index 424073a..edfac91 100644 --- a/dot_config/systemd/user/backup-irclogs.service +++ b/dot_config/systemd/user/backup-irclogs.service @@ -13,7 +13,6 @@ Type=oneshot LockPersonality=true MemoryDenyWriteExecute=no NoNewPrivileges=yes -PrivateTmp=yes ProtectControlGroups=yes ProtectHostname=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK diff --git a/dot_config/systemd/user/borgmatic@.service b/dot_config/systemd/user/borgmatic@.service index 0a2b3e7..5f553cf 100644 --- a/dot_config/systemd/user/borgmatic@.service +++ b/dot_config/systemd/user/borgmatic@.service @@ -19,7 +19,6 @@ LockPersonality=true # But you can try setting it to "yes" for improved security if you don't use those features. MemoryDenyWriteExecute=no NoNewPrivileges=yes -PrivateTmp=yes ProtectControlGroups=yes ProtectHostname=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -- cgit v1.2.3