exec_borg.sh: cleanup and set ConfigurationDirectory ro
This commit is contained in:
parent
60e65af409
commit
5d1c9803b5
1 changed files with 2 additions and 2 deletions
|
|
@ -22,11 +22,11 @@ exec systemd-run --quiet --collect --unit=temp-borg-init-sandbox.service \
|
|||
--pipe < /etc/borg/$NAME/borg_passphrase \
|
||||
--working-directory=/tmp \
|
||||
-p "ConfigurationDirectory=borg/$NAME" \
|
||||
-p "CacheDirectory=borg/$NAME" \
|
||||
-p "ConfigurationDirectoryMode=550" \
|
||||
-p "CacheDirectory=borg/$NAME" \
|
||||
-p "CacheDirectoryMode=550" \
|
||||
-p "PrivateTmp=yes" \
|
||||
-p "ReadOnlyDirectories=/" \
|
||||
-p "ReadOnlyPaths=/ /etc/borg/$NAME" \
|
||||
-p "ReadWritePaths=/root/.ssh/known_hosts" \
|
||||
-p "EnvironmentFile=/etc/borg/$NAME/config.env" \
|
||||
--setenv=BORG_PASSPHRASE_FD=0 \
|
||||
|
|
|
|||
Loading…
Reference in a new issue