From: Bruno Pagani <bruno.n.pagani@gmail.com>
Date: Sun, 25 Jul 2021 03:17:18 +0000 (+0000)
Subject: unbound.service.in: upgrade hardening to latest standards
X-Git-Tag: release-1.13.2rc1~22^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F512%2Fhead;p=thirdparty%2Funbound.git

unbound.service.in: upgrade hardening to latest standards

Systemd gradually introduced new protection bits, let’s enable them.
---

diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index a4596978d..90ee708ce 100644
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -60,8 +60,12 @@ NoNewPrivileges=true
 PrivateDevices=true
 PrivateTmp=true
 ProtectHome=true
+ProtectClock=true
 ProtectControlGroups=true
+ProtectKernelLogs=true
 ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
 ProtectSystem=strict
 RuntimeDirectory=unbound
 ConfigurationDirectory=unbound