diff --git a/systemd/mpd.service.in b/systemd/mpd.service.in index bb7b5802a..c4600406d 100644 --- a/systemd/mpd.service.in +++ b/systemd/mpd.service.in @@ -19,6 +19,9 @@ ControlGroup=cpu:/mpd # assign a real-time budget ControlGroupAttribute=cpu.rt_runtime_us 500000 +# disallow writing to /usr, /bin, /sbin, ... +ProtectSystem=yes + [Install] WantedBy=multi-user.target Also=mpd.socket