From 6ef854928aa06bb9daeae76c1fd9064f6a6f1dc0 Mon Sep 17 00:00:00 2001 From: Ruben Kerkhof Date: Wed, 4 Feb 2015 11:13:07 +0100 Subject: [PATCH] Mount /home and /run/user read-only --- contrib/systemd-pdns-recursor.service | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/systemd-pdns-recursor.service b/contrib/systemd-pdns-recursor.service index e1d9420be..152763e19 100644 --- a/contrib/systemd-pdns-recursor.service +++ b/contrib/systemd-pdns-recursor.service @@ -12,6 +12,7 @@ PrivateDevices=true CapabilityBoundingSet=CAP_NET_BIND_SERVICE NoNewPrivileges=true ProtectSystem=full +ProtectHome=true [Install] WantedBy=multi-user.target -- 2.40.0