From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 26 Sep 2019 11:35:12 +0000 (+0200)
Subject: auth: Add NoNewPrivileges, PrivateDevices and PrivateTmp back
X-Git-Tag: dnsdist-1.4.0-rc3~4^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F8348%2Fhead;p=thirdparty%2Fpdns.git

auth: Add NoNewPrivileges, PrivateDevices and PrivateTmp back
---

diff --git a/pdns/pdns.service.in b/pdns/pdns.service.in
index 6613ba17b9..1ce670228a 100644
--- a/pdns/pdns.service.in
+++ b/pdns/pdns.service.in
@@ -19,6 +19,9 @@ RuntimeDirectory=pdns
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
 LockPersonality=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
 ProtectControlGroups=true
 ProtectHome=true
 ProtectKernelModules=true