From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 13 Mar 2025 19:17:29 +0000 (+0100)
Subject: dnsdist: Allow `AF_NETLINK` and `AF_XDP` under `systemd`
X-Git-Tag: dnsdist-2.0.0-alpha1~11^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F15300%2Fhead;p=thirdparty%2Fpdns.git

dnsdist: Allow `AF_NETLINK` and `AF_XDP` under `systemd`

We need them for, respectively:
- IP to MAC address translation
- `XSK` packet processing
---

diff --git a/pdns/dnsdistdist/dnsdist.service.in b/pdns/dnsdistdist/dnsdist.service.in
index bd810fd912..e0a9b3bbb3 100644
--- a/pdns/dnsdistdist/dnsdist.service.in
+++ b/pdns/dnsdistdist/dnsdist.service.in
@@ -44,7 +44,7 @@ ProtectKernelLogs=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectSystem=full
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX AF_XDP
 RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true