nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-28 08:03:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

bind: Enable systemd sandbox options for bind9 service

Browse Source 
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This commit is contained in:
James Valleroy 2020-01-26 10:57:04 -05:00 committed by Sunil Mohan Adapa
parent b3b2b6fe84
commit a9ab05bde3
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
plinth/modules/bind/data/lib/systemd/system/bind9.service.d/freedombox.conf Normal file
View File

@ -0,0 +1,15 @@
[Service]
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateMounts=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictRealtime=yes
SystemCallArchitectures=native