From 90544d2f18a3caef03ea94a4d0d63e344deb573e Mon Sep 17 00:00:00 2001
From: Ruben Kerkhof <ruben@rubenkerkhof.com>
Date: Thu, 19 Feb 2015 20:46:51 +0100
Subject: [PATCH] Add more restrictions to pdns systemd unit file

We already did for the recursor, now do the same for auth.
---
 contrib/systemd-pdns.service | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/contrib/systemd-pdns.service b/contrib/systemd-pdns.service
index 7ce47f45c0..e5fac8012e 100644
--- a/contrib/systemd-pdns.service
+++ b/contrib/systemd-pdns.service
@@ -11,6 +11,12 @@ ExecStop=/usr/bin/pdns_control quit
 Restart=on-failure
 RestartSec=2
 PrivateTmp=true
+PrivateDevices=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
+NoNewPrivileges=true
+ProtectSystem=full
+ProtectHome=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 
 [Install]
 WantedBy=multi-user.target
-- 
2.47.2