Control: tags -1 + moreinfo
On Sat, Nov 19, 2022 at 10:23:12AM -0500, Michael Welsh Duggan wrote:
> The addition of the
>
> ProtectSystem=full
>
> clause to the spamd service module prevents spamd from writing to user
> bayes files. Here is a log from spamd:
Hi Michael. Per the systemd documentation on the ProtectSystem setting:
Takes a boolean argument or the special values "full" or
"strict". If true, mounts the /usr/ and the boot loader
directories (/boot and /efi) read-only for processes invoked by
this unit. If set to "full", the /etc/ directory is mounted
read-only, too.
Access to /home is not restricted by this setting. Is /home on your
system a symlink or otherwise not actually located at /home?
noah
