From 4fb762f6e480cdf3024a7f809fc3ca28a2835a20 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Wed, 22 Mar 2017 07:22:34 +0000
Subject: [PATCH] - Fix #1229: Systemd service sandboxing, options in wrong
 sections.

git-svn-id: file:///svn/unbound/trunk@4078 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 contrib/unbound.service.in | 14 ++++++++------
 doc/Changelog              |  1 +
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/contrib/unbound.service.in b/contrib/unbound.service.in
index e5b716c61..3ddadfa95 100644
--- a/contrib/unbound.service.in
+++ b/contrib/unbound.service.in
@@ -1,13 +1,15 @@
-[Service]
-Type=notify
-NotifyAccess=main
-ExecStart=/home/vagrant/unbound_systemd/unbound
-ExecReload=/bin/kill -HUP $MAINPID
+[Unit]
+Description=Validating, recursive, and caching DNS resolver
+Documentation=man:unbound(8)
 
 [Install]
 WantedBy=multi-user.target
 
-[Unit]
+[Service]
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart=/home/vagrant/unbound_systemd/unbound
+NotifyAccess=main
+Type=notify
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
diff --git a/doc/Changelog b/doc/Changelog
index f495c7b66..fa4899420 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,7 @@
 	- Fix #1238: segmentation fault when adding through the remote
 	  interface a per-view local zone to a view with no previous
 	  (configured) local zones.
+	- Fix #1229: Systemd service sandboxing, options in wrong sections.
 
 21 March 2017: Ralph
 	- Merge EDNS Client subnet implementation from feature branch into main