auth: Add NoNewPrivileges, PrivateDevices and PrivateTmp back

author Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 26 Sep 2019 11:35:12 +0000 (13:35 +0200)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Thu, 26 Sep 2019 11:35:12 +0000 (13:35 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 26 Sep 2019 11:35:12 +0000 (13:35 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Thu, 26 Sep 2019 11:35:12 +0000 (13:35 +0200)
diff --git a/pdns/pdns.service.in b/pdns/pdns.service.in

index 6613ba17b90954e01c4b39763a686f1da620ec35..1ce670228ab1eb346d927c62480e7c5d04e0ccc1 100644 (file)
--- a/pdns/pdns.service.in
+++ b/pdns/pdns.service.in
@@ -19,6 +19,9 @@ RuntimeDirectory=pdns
  CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
  AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
  LockPersonality=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
  ProtectControlGroups=true
  ProtectHome=true
  ProtectKernelModules=true
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 26 Sep 2019 11:35:12 +0000 (13:35 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Thu, 26 Sep 2019 11:35:12 +0000 (13:35 +0200)