Accepting request 925092 from home:stroeder:network

- set RestrictAddressFamilies= in nsd.service OBS-URL: https://build.opensuse.org/request/show/925092 OBS-URL: https://build.opensuse.org/package/show/server:dns/nsd?expand=0&rev=91
2021-10-13 12:52:27 +00:00
parent 1c78b76f36
commit c0230520f1
2 changed files with 6 additions and 1 deletions
--- a/nsd.changes
+++ b/nsd.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Oct 13 12:45:45 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- set RestrictAddressFamilies= in nsd.service
+
 -------------------------------------------------------------------
 Tue Oct 12 20:19:52 UTC 2021 - Michael Ströder <michael@stroeder.com>

--- a/nsd.service
+++ b/nsd.service
@@ -27,7 +27,7 @@ RestrictRealtime=true
 # even more hardening options
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
-#RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
 PrivateTmp=yes
 NoNewPrivileges=yes
 MountFlags=private