From efcf71cc578ba88ca73b5b2aea0838e0299f9784 Mon Sep 17 00:00:00 2001
From: Ruben Kerkhof
Date: Wed, 4 Feb 2015 11:07:44 +0100
Subject: [PATCH] Give recursor its own read-only mount namespace

/usr and /etc are mounted read-only
---
 contrib/systemd-pdns-recursor.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service
index b257f66422..e1d9420bef 100644
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -11,6 +11,7 @@ PrivateTmp=true
 PrivateDevices=true
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 NoNewPrivileges=true
+ProtectSystem=full
 
 [Install]
 WantedBy=multi-user.target
-- 
2.47.2
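Review bot: `ProtectSystem=full` makes only /usr, /boot and /etc read-only, so the recursor can still read /home, /root and /run/user; unless it is already set in the part of `[Service]` that lies above this hunk, add `ProtectHome=true` on the line after it. The directive is understood only by systemd 214 and later, and older versions log an unknown-key warning and start the unit without the read-only mounts, so a comment such as `# ProtectSystem= needs systemd >= 214; older versions ignore it` above the line would tell packagers that the hardening can be silently absent. The read-only /etc also means that anything the daemon is configured to write there will fail after this change, which is worth checking against the shipped default configuration.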