From 9014179b3f52fbef2647e6774afc88bafe6dfdf5 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Wed, 9 Nov 2022 22:52:16 +0000 Subject: [PATCH] Use default sandboxing for the gdnsd-reload service --- cookbooks/geodns/recipes/default.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/cookbooks/geodns/recipes/default.rb b/cookbooks/geodns/recipes/default.rb index 3a166262c..8afa85cc5 100644 --- a/cookbooks/geodns/recipes/default.rb +++ b/cookbooks/geodns/recipes/default.rb @@ -74,11 +74,8 @@ systemd_service "gdnsd-reload" do user "root" exec_start "/bin/systemctl reload-or-restart gdnsd" standard_output "null" - private_tmp true - private_devices true - protect_system "strict" - protect_home true - no_new_privileges true + sandbox true + restrict_address_families "AF_UNIX" end systemd_path "gdnsd-reload" do -- 2.39.5