diff options
| -rw-r--r-- | mail-mta/postfix/files/postfix.service | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/mail-mta/postfix/files/postfix.service b/mail-mta/postfix/files/postfix.service index 585849e978b3..db585b3e29db 100644 --- a/mail-mta/postfix/files/postfix.service +++ b/mail-mta/postfix/files/postfix.service @@ -15,6 +15,12 @@ ProtectSystem=full ReadWritePaths=-/etc/mail/aliases.db CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE MemoryDenyWriteExecute=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX +RestrictNamespaces=true +RestrictRealtime=true [Install] WantedBy=multi-user.target |