upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-18 10:09:27 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge f2a2d9c1e9 into 09d352b917

Browse source
This commit is contained in:
Paul Menzel 2025-12-29 12:25:21 +01:00 committed by GitHub
commit 684dcefc40
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
contrib/unbound.service.in
View file

@ -73,8 +73,8 @@ ProtectKernelModules=true
ProtectKernelTunables=false
ProtectProc=invisible
ProtectSystem=strict
RuntimeDirectory=unbound
ConfigurationDirectory=unbound
RuntimeDirectory=@UNBOUND_RUN_DIR@
ConfigurationDirectory=@UNBOUND_SYSCONF_DIR@
StateDirectory=unbound
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
RestrictRealtime=true
@ -83,7 +83,7 @@ SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module mount @obsolete
RestrictNamespaces=yes
LockPersonality=yes
RestrictSUIDSGID=yes
ReadWritePaths=@UNBOUND_RUN_DIR@ @UNBOUND_CHROOT_DIR@
ReadWritePaths=@UNBOUND_CHROOT_DIR@ @UNBOUND_ROOTKEY_FILE@
# Below rules are needed when chroot is enabled (usually it's enabled by default).
# If chroot is disabled like chroot: "" then they may be safely removed.