From d182bc6406e81549792c0304ea85f90f984c550a Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Thu, 26 Sep 2019 13:35:12 +0200
Subject: [PATCH] auth: Add NoNewPrivileges, PrivateDevices and PrivateTmp back
---
 pdns/pdns.service.in | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pdns/pdns.service.in b/pdns/pdns.service.in
index 6613ba17b..1ce670228 100644
--- a/pdns/pdns.service.in
+++ b/pdns/pdns.service.in
@@ -19,6 +19,9 @@ RuntimeDirectory=pdns
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
 LockPersonality=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
 ProtectControlGroups=true
 ProtectHome=true
 ProtectKernelModules=true
-- 
2.40.0
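Review bot: The three added directives (`NoNewPrivileges=true`, `PrivateDevices=true`, `PrivateTmp=true`) land without a comment, and each has a compatibility effect an operator will want to know about before upgrading. With `PrivateTmp=true` the service gets its own /tmp, so a database socket or helper file placed under the host /tmp is no longer reachable; `PrivateDevices=true` hides physical device nodes, which matters if a hardware token is in use; `NoNewPrivileges=true` stops any spawned helper from gaining privileges through setuid binaries. Whether any supported backend depends on these is not visible from this hunk, so I would at least add a line such as `# Sandboxing below hides host /tmp and device nodes and blocks setuid helpers; relax via a drop-in if a backend needs them` above the new settings. The [Service] section starts before and continues past the hunk.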