systemd override documentation

In issue 18187 (now closed) Jacob and Simon tell us that syncthing’s systemd files have options to prevent writes to /etc and other system places by default, and that we can change that option with systemctl edit syncthing@ by adding

[Service]
ProtectSystem=off

When I do that I find that the systemd config file seems to have a default of

# # Hardening
# ProtectSystem=full

This suggests that ProtectSystem has options other than full or off. Is there documentation on these options, or syncthing systemd configuration in general? (My Google Fu is failing me!) Or is it possible to turn off protection for only specific system files/dirs?

https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProtectSystem=

(first hit on googling systemd protectsystem for me)

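On the last part of the question (lifting protection for specific directories only), the linked systemd.exec page also documents ReadWritePaths=. The drop-in below is an added example, not part of the thread or of Syncthing's shipped unit file, and /etc/example-synced-dir is a hypothetical path:

```ini
# Drop-in opened by: systemctl edit syncthing@
# Added example; /etc/example-synced-dir is a hypothetical path.

[Service]
# Keep the shipped hardening: with "full", /usr, the boot loader
# directories and /etc are mounted read-only for the service.
ProtectSystem=full

# Exception: make only this directory writable again inside the
# service's mount namespace. The path must exist when the unit starts;
# prefix it with "-" to have it ignored when it is missing.
ReadWritePaths=/etc/example-synced-dir

# Other ProtectSystem= values, per systemd.exec(5):
#   off/no    no read-only mounts (the override quoted in the question)
#   true/yes  /usr and the boot loader directories read-only
#   strict    whole file system hierarchy read-only except /dev, /proc, /sys
```

After restarting the service, systemctl show -p ProtectSystem -p ReadWritePaths on the unit instance prints the values actually in effect.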