Merge branch 'master' into what_could_go_wrong

author: Claus Vium <cvium@users.noreply.github.com> 2021-12-15 08:38:39 +0100
committer: GitHub <noreply@github.com> 2021-12-15 08:38:39 +0100
commit: 9a0618552b87241537590e77c70cfdbac2b0b8ce (patch)
tree: efc0d946cd6fc9db7b09e85cfa4185120e007c57 /debian
parent: c3c4dc6839d19cda8b0ea3cdcdc84547a713506d (diff)
parent: 4a58582ad588eae0571eb6e7f1c830d5550709ea (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/debian/jellyfin.service b/debian/jellyfin.service
index e215a8536..071f949dd 100644
--- a/debian/jellyfin.service
+++ b/debian/jellyfin.service
@@ -13,7 +13,20 @@ TimeoutSec = 15
 NoNewPrivileges=true
 SystemCallArchitectures=native
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-ProtectKernelModules=True
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+LockPersonality=true
+PrivateTmp=true
+PrivateDevices=false
+PrivateUsers=true
+RemoveIPC=true
 SystemCallFilter=~@clock
 SystemCallFilter=~@aio
 SystemCallFilter=~@chown
author	Claus Vium <cvium@users.noreply.github.com>	2021-12-15 08:38:39 +0100
committer	GitHub <noreply@github.com>	2021-12-15 08:38:39 +0100
commit	9a0618552b87241537590e77c70cfdbac2b0b8ce (patch)
tree	efc0d946cd6fc9db7b09e85cfa4185120e007c57 /debian
parent	c3c4dc6839d19cda8b0ea3cdcdc84547a713506d (diff)
parent	4a58582ad588eae0571eb6e7f1c830d5550709ea (diff)