configpolicy

dustin

History

Dustin 7d93ba836e r/restic: Enhance restic-backup security sandbox Since `restic` needs to run as root in order to back up files regardless of their permissions, we need to restrict it to doing only that. Using systemd sandbox features, especially the capability bounding set, we can remove all of _root_'s powers except the ability to read all files.	2024-09-04 17:43:24 -05:00
..
restic-backup.service	r/restic: Enhance restic-backup security sandbox	2024-09-04 17:43:24 -05:00
restic-backup.timer	restic: Add role+playbook for Restic backups	2024-09-04 09:40:29 -05:00

Dustin 7d93ba836e r/restic: Enhance restic-backup security sandbox

Since `restic` needs to run as root in order to back up files regardless
of their permissions, we need to restrict it to doing only that.  Using
systemd sandbox features, especially the capability bounding set, we can
remove all of _root_'s powers except the ability to read all files.

2024-09-04 17:43:24 -05:00

restic-backup.service

r/restic: Enhance restic-backup security sandbox

2024-09-04 17:43:24 -05:00

restic-backup.timer

restic: Add role+playbook for Restic backups

2024-09-04 09:40:29 -05:00