Ensure recursor can't elevate its privileges

author Ruben Kerkhof <ruben@rubenkerkhof.com>

Wed, 4 Feb 2015 10:06:23 +0000 (11:06 +0100)

committer Ruben Kerkhof <ruben@rubenkerkhof.com>

Tue, 10 Feb 2015 08:44:47 +0000 (09:44 +0100)
author Ruben Kerkhof <ruben@rubenkerkhof.com>
Wed, 4 Feb 2015 10:06:23 +0000 (11:06 +0100)
committer Ruben Kerkhof <ruben@rubenkerkhof.com>
Tue, 10 Feb 2015 08:44:47 +0000 (09:44 +0100)
diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service

index 987dd05434644d2ad046d0cce9e9c9290b01fe12..b257f664229aaf737574b71066bbf477a45dcec9 100644 (file)
--- a/contrib/systemd-pdns-recursor.service
+++ b/contrib/systemd-pdns-recursor.service
@@ -10,6 +10,7 @@ ExecStart=/usr/sbin/pdns_recursor --daemon
  PrivateTmp=true
  PrivateDevices=true
  CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
  
  [Install]
  WantedBy=multi-user.target
author	Ruben Kerkhof <ruben@rubenkerkhof.com>
	Wed, 4 Feb 2015 10:06:23 +0000 (11:06 +0100)
committer	Ruben Kerkhof <ruben@rubenkerkhof.com>
	Tue, 10 Feb 2015 08:44:47 +0000 (09:44 +0100)