From faa57b20819c8d3df00bbc29b48d8bf99513ae25 Mon Sep 17 00:00:00 2001
From: jvoisin <jvoisin@users.noreply.github.com>
Date: Sun, 15 Nov 2020 14:17:40 +0000
Subject: [PATCH] Harden a bit the systemd unit.

---
 install_service_systemd.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/install_service_systemd.sh b/install_service_systemd.sh
index 4f7d6f81c..7f31748c1 100755
--- a/install_service_systemd.sh
+++ b/install_service_systemd.sh
@@ -76,6 +76,14 @@ WorkingDirectory=${JACKETT_DIR}
 ExecStart=/bin/sh "${JACKETT_DIR}/jackett_launcher.sh"
 TimeoutStopSec=30
 
+ProtectHome=yes
+ProtectSystem=full
+PrivateTmp=yes
+NoNewPrivileges=yes
+ProtectDevices=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+
 [Install]
 WantedBy=multi-user.target