Merge branch 'master' into support-external-audio-files

author: Claus Vium <cvium@users.noreply.github.com> 2021-12-07 20:16:32 +0100
committer: GitHub <noreply@github.com> 2021-12-07 20:16:32 +0100
commit: 3f69eeab276052ad54f8113c94cc2443e2ab4c3d (patch)
tree: 136de6b3825ac55e197626948cf1a88f72be27ff /debian
parent: 99a48554a618302b4fe70ef1fd3d7fd06096c70e (diff)
parent: dd8b9e9d2367893f2865d07dbe3a11c1adf6c631 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/debian/jellyfin.service b/debian/jellyfin.service
index e215a85362..071f949dd9 100644
--- a/debian/jellyfin.service
+++ b/debian/jellyfin.service
@@ -13,7 +13,20 @@ TimeoutSec = 15
 NoNewPrivileges=true
 SystemCallArchitectures=native
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-ProtectKernelModules=True
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+LockPersonality=true
+PrivateTmp=true
+PrivateDevices=false
+PrivateUsers=true
+RemoveIPC=true
 SystemCallFilter=~@clock
 SystemCallFilter=~@aio
 SystemCallFilter=~@chown
author	Claus Vium <cvium@users.noreply.github.com>	2021-12-07 20:16:32 +0100
committer	GitHub <noreply@github.com>	2021-12-07 20:16:32 +0100
commit	3f69eeab276052ad54f8113c94cc2443e2ab4c3d (patch)
tree	136de6b3825ac55e197626948cf1a88f72be27ff /debian
parent	99a48554a618302b4fe70ef1fd3d7fd06096c70e (diff)
parent	dd8b9e9d2367893f2865d07dbe3a11c1adf6c631 (diff)