From c9686d479111523b13f3b53c35617da53bb9e244 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Tue, 18 May 2021 11:57:02 +0200 Subject: [PATCH] systemd/eturnal: Use ProtectSystem=strict [`ProtectSystem=strict` mounts more directories as read-only.][1] [The upstream service unit only sets it to `full` to support older systemd releases.][2] systemd 242, currently shipped by MarIuX, supports `strict`, so use it. [1]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem= [2]: https://github.com/processone/eturnal/issues/14#issuecomment-843021648 --- misc_systemd_units/eturnal.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc_systemd_units/eturnal.service b/misc_systemd_units/eturnal.service index 047c452..5b17d7f 100644 --- a/misc_systemd_units/eturnal.service +++ b/misc_systemd_units/eturnal.service @@ -18,6 +18,6 @@ RestartSec=3 WatchdogSec=30 LimitNOFILE=50000 RuntimeDirectory=eturnal -ProtectSystem=full +ProtectSystem=strict NoNewPrivileges=true AmbientCapabilities=CAP_NET_BIND_SERVICE
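Review bot: at the `ProtectSystem=strict` line, the only writable path visible in this hunk's context is `RuntimeDirectory=eturnal`. With `strict`, the whole file system hierarchy except `/dev`, `/proc` and `/sys` is mounted read-only for the service, so anything eturnal writes outside `/run/eturnal` (log files, persistent state) that `full` still allowed under `/var` will now fail. Please confirm that the part of the unit above line 18 declares those paths, and if it does not, add `LogsDirectory=`, `StateDirectory=` or `ReadWritePaths=` for them in this same commit. The commit message would also benefit from a line saying how the service was tested with the new setting, for example that it starts and logs correctly after the change.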