From 54d5d9d1ccb5c91ba9521918c5261758e8a294fb Mon Sep 17 00:00:00 2001
From: Florian Schlichting <fsfs@debian.org>
Date: Tue, 11 Aug 2015 19:00:21 +0200
Subject: [PATCH] systemd: protect /usr when running under systemd

---
 systemd/mpd.service.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/systemd/mpd.service.in b/systemd/mpd.service.in
index 545c94159..c02f55e8d 100644
--- a/systemd/mpd.service.in
+++ b/systemd/mpd.service.in
@@ -9,6 +9,9 @@ ExecStart=@prefix@/bin/mpd --no-daemon
 LimitRTPRIO=50
 LimitRTTIME=infinity
 
+# disallow writing to /usr, /bin, /sbin, ...
+ProtectSystem=yes
+
 [Install]
 WantedBy=multi-user.target
 Also=mpd.socket