From a844024395121fe9be21c3be2553be9abd77cfbf Mon Sep 17 00:00:00 2001
From: Steven Allen <steven@stebalien.com>
Date: Wed, 26 Mar 2025 15:02:42 +0000
Subject: [PATCH] Make the runtime directory private

The status file contains sensitive information like filenames and duplicate chunk ranges. It might also make sense to set the process-wide `UMask=`, but that may have other unintended side effects.
---
 scripts/beesd@.service.in | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/beesd@.service.in b/scripts/beesd@.service.in
index e4bab3c..32a6f85 100644
--- a/scripts/beesd@.service.in
+++ b/scripts/beesd@.service.in
@@ -17,6 +17,7 @@ KillSignal=SIGTERM
 MemoryAccounting=true
 Nice=19
 Restart=on-abnormal
+RuntimeDirectoryMode=0700
 RuntimeDirectory=bees
 StartupCPUWeight=25
 StartupIOWeight=25