Arch Linux

Description:

When radicale is configured to use a different storage area from the default (/var/lib/radicale/collections), the service starts OK but when an attempt to connect is made it reports:
[ERROR] An exception occurred during PROPFIND request on '/': [Errno 30] Read-only file system: '/custom/path/radicale/collections/.Radicale.lock'

On investigation, I found in /usr/lib/systemd/system/radicale.service:
ProtectSystem=strict

This means that any location other than /var/lib/radicale ... is read-only to the service despite any configuration in its config file

I solved this issue by creating a systemd drop-in file /etc/systemd/system/radicale.service.d/override.conf
===
[Service]
ReadWritePaths=/custom/path/radicale
===

If this is an acceptable secure solution then it would be useful to have a note to the effect in the Arch Wiki page for the package.

Additional info:
* package version(s)
3.1.8
* config and/or log files etc.
/etc/radicale/config
===
[server]
hosts = localhost:5232
[encoding]
[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = md5
[rights]
[storage]
type = multifilesystem
filesystem_folder = /custom/path/radicale/collections
[web]
[logging]
[headers]
===

* link to upstream bug report, if any

Steps to reproduce:
In /etc/radicale/config set filesystem_folder = /custom/path/radicale/collections where /custom/path is not the default (/var/lib)
Start the radicale service
Access radicale from a browser or other client at localhost:5232 and attempt to create or connect as a user
Examine system journal: e.g. journalctl -u radicale -f