30 Nov 2021, 12:53 p.m.
RestrictAddressFamilies used to not have an option to restrict all address families, but systemd 249 introduced a special value "none" exactly for this purpose. Signed-off-by: Frederik “Freso” S. Olesen <freso.dk@gmail.com> --- src/paccache.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/paccache.service.in b/src/paccache.service.in index a821daf..57390ea 100644 --- a/src/paccache.service.in +++ b/src/paccache.service.in @@ -28,7 +28,7 @@ ProtectKernelTunables=yes ProtectKernelModules=yes ProtectKernelLogs=yes ProtectControlGroups=yes -RestrictAddressFamilies=AF_UNIX +RestrictAddressFamilies=none RestrictNamespaces=yes LockPersonality=yes MemoryDenyWriteExecute=yes -- 2.34.1
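Review bot: The `+RestrictAddressFamilies=none` line in src/paccache.service.in depends on systemd 249, according to the commit message, but nothing in the diff records that minimum version. Please note the requirement where packagers will see it, for example as a comment above the directive or as a versioned systemd dependency. It is also worth confirming how a systemd older than 249 handles the unrecognised value, so that the unit does not end up less restricted there than it was with `RestrictAddressFamilies=AF_UNIX`.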