unbound.service.in: upgrade hardening to latest standards

author Bruno Pagani <bruno.n.pagani@gmail.com>

Sun, 25 Jul 2021 03:17:18 +0000 (03:17 +0000)

committer Bruno Pagani <bruno.n.pagani@gmail.com>

Sun, 25 Jul 2021 03:27:22 +0000 (05:27 +0200)
author Bruno Pagani <bruno.n.pagani@gmail.com>
Sun, 25 Jul 2021 03:17:18 +0000 (03:17 +0000)
committer Bruno Pagani <bruno.n.pagani@gmail.com>
Sun, 25 Jul 2021 03:27:22 +0000 (05:27 +0200)
diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in

index a4596978dbe2d2f7cfa91fd75a71fafb1a16a429..90ee708ce2c5453b2602c5e81ee803d841d16dac 100644 (file)
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -60,8 +60,12 @@ NoNewPrivileges=true
  PrivateDevices=true
  PrivateTmp=true
  ProtectHome=true
+ProtectClock=true
  ProtectControlGroups=true
+ProtectKernelLogs=true
  ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
  ProtectSystem=strict
  RuntimeDirectory=unbound
  ConfigurationDirectory=unbound
author	Bruno Pagani <bruno.n.pagani@gmail.com>
	Sun, 25 Jul 2021 03:17:18 +0000 (03:17 +0000)
committer	Bruno Pagani <bruno.n.pagani@gmail.com>
	Sun, 25 Jul 2021 03:27:22 +0000 (05:27 +0200)