mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-30 03:19:35 -05:00
unbound.service.in: upgrade hardening to latest standards
Systemd gradually introduced new protection bits, let’s enable them.
This commit is contained in:
Bruno Pagani
parent
ca5baef433
commit
c32b9e4ba9
1 changed files with 4 additions and 0 deletions
|
|
@ -60,8 +60,12 @@ NoNewPrivileges=true
|
|||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectHome=true
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectProc=invisible
|
||||
ProtectSystem=strict
|
||||
RuntimeDirectory=unbound
|
||||
ConfigurationDirectory=unbound
|
||||
|
|
|
|||
Loading…
Reference in a new issue