From: Ruben Kerkhof Date: Thu, 19 Feb 2015 19:46:51 +0000 (+0100) Subject: Add more restrictions to pdns systemd unit file X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~126^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2257%2Fhead;p=thirdparty%2Fpdns.git Add more restrictions to pdns systemd unit file We already did for the recursor, now do the same for auth. --- diff --git a/contrib/systemd-pdns.service b/contrib/systemd-pdns.service index 7ce47f45c0..e5fac8012e 100644 --- a/contrib/systemd-pdns.service +++ b/contrib/systemd-pdns.service @@ -11,6 +11,12 @@ ExecStop=/usr/bin/pdns_control quit Restart=on-failure RestartSec=2 PrivateTmp=true +PrivateDevices=true +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID +NoNewPrivileges=true +ProtectSystem=full +ProtectHome=true +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 [Install] WantedBy=multi-user.target
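Review bot: The new `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID` line leaves out `CAP_SYS_CHROOT`. An installation that sets the server's `chroot` option will therefore fail at startup under this unit, because the chroot(2) call needs that capability and `NoNewPrivileges=true` prevents regaining it. The `ExecStart` line is outside the visible context, so it is not clear whether the shipped unit relies on chroot. Either add `CAP_SYS_CHROOT` to the set or put a comment in the unit saying chroot is unsupported with it. Note also that `ProtectSystem=full` mounts `/etc` read-only and `ProtectHome=true` hides `/home` and `/root`, so a backend that writes its database or zone files under those paths will break. A short comment above these lines naming the expected writable locations would save users a debugging session.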