From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Fri, 3 Dec 2021 12:08:09 +0000 (+0100)
Subject: systemd service: disallow access to devices (except, zero, full, null, random, urandom)
X-Git-Tag: dnsdist-1.8.0-rc1~188^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4e4a9d0b39dbcf15862c507366fe8ef835ba891;p=thirdparty%2Fpdns.git

systemd service: disallow access to devices (except, zero, full, null, random, urandom)
---

diff --git a/pdns/dnsdistdist/dnsdist.service.in b/pdns/dnsdistdist/dnsdist.service.in
index 07752a3fc5..73d78fd028 100644
--- a/pdns/dnsdistdist/dnsdist.service.in
+++ b/pdns/dnsdistdist/dnsdist.service.in
@@ -54,6 +54,7 @@ ProtectProc=invisible
 MemoryDenyWriteExecute=true
 PrivateIPC=true
 RemoveIPC=true
+DevicePolicy=closed
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pdns/ixfrdist.service.in b/pdns/ixfrdist.service.in
index a30ebced07..b69618abe3 100644
--- a/pdns/ixfrdist.service.in
+++ b/pdns/ixfrdist.service.in
@@ -38,6 +38,7 @@ ProtectProc=invisible
 MemoryDenyWriteExecute=true
 PrivateIPC=true
 RemoveIPC=true
+DevicePolicy=closed
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pdns/pdns.service.in b/pdns/pdns.service.in
index 1a0618c31f..d073ec3d5e 100644
--- a/pdns/pdns.service.in
+++ b/pdns/pdns.service.in
@@ -44,6 +44,7 @@ ProtectProc=invisible
 MemoryDenyWriteExecute=true
 PrivateIPC=true
 RemoveIPC=true
+DevicePolicy=closed
 
 [Install]
 WantedBy=multi-user.target
diff --git a/pdns/recursordist/pdns-recursor.service.in b/pdns/recursordist/pdns-recursor.service.in
index ab7a07d558..dc88bbfda7 100644
--- a/pdns/recursordist/pdns-recursor.service.in
+++ b/pdns/recursordist/pdns-recursor.service.in
@@ -45,6 +45,7 @@ ProtectProc=invisible
 MemoryDenyWriteExecute=true
 PrivateIPC=true
 RemoveIPC=true
+DevicePolicy=closed
 
 [Install]
 WantedBy=multi-user.target