Merge branch 'support-external-audio-files' of github.com:jonas-resch/jellyfin into support-external-audio-files

author: Jonas Resch <jonas.resch@live.de> 2021-12-08 09:55:16 +0100
committer: Jonas Resch <jonas.resch@live.de> 2021-12-08 09:55:16 +0100
commit: 87a6fdf8478cf8daa24dc44a2a3da451be06b950 (patch)
tree: c5d147e9f05ee5e1c28094236f0a4caa7bab9069 /debian
parent: ca2d94ee97b53a69f4508f4ef5ac72a72d2a3aa5 (diff)
parent: a327b43ab7faceadb555890c41f103008fc00737 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/debian/jellyfin.service b/debian/jellyfin.service
index e215a85362..071f949dd9 100644
--- a/debian/jellyfin.service
+++ b/debian/jellyfin.service
@@ -13,7 +13,20 @@ TimeoutSec = 15
 NoNewPrivileges=true
 SystemCallArchitectures=native
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-ProtectKernelModules=True
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+LockPersonality=true
+PrivateTmp=true
+PrivateDevices=false
+PrivateUsers=true
+RemoveIPC=true
 SystemCallFilter=~@clock
 SystemCallFilter=~@aio
 SystemCallFilter=~@chown
author	Jonas Resch <jonas.resch@live.de>	2021-12-08 09:55:16 +0100
committer	Jonas Resch <jonas.resch@live.de>	2021-12-08 09:55:16 +0100
commit	87a6fdf8478cf8daa24dc44a2a3da451be06b950 (patch)
tree	c5d147e9f05ee5e1c28094236f0a4caa7bab9069 /debian
parent	ca2d94ee97b53a69f4508f4ef5ac72a72d2a3aa5 (diff)
parent	a327b43ab7faceadb555890c41f103008fc00737 (diff)