From 708755d4cc4d2830933421a74f882f7391d0eb43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matti=20Lehtim=C3=A4ki?=
Date: Mon, 27 May 2019 16:55:59 +0300
Subject: [PATCH] [systemd] Sandbox the udhcpd service. JB#37897 JB#44449

---
 rpm/udhcpd.service | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rpm/udhcpd.service b/rpm/udhcpd.service
index a1c6370..8595911 100644
--- a/rpm/udhcpd.service
+++ b/rpm/udhcpd.service
@@ -6,3 +6,9 @@ Conflicts=shutdown.target

 [Service]
 ExecStart=/usr/sbin/udhcpd -f
+# Sandboxing
+CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_BIND_SERVICE CAP_NET_RAW
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
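Review bot: The `CapabilityBoundingSet=` line keeps `CAP_DAC_READ_SEARCH`, which bypasses read and directory-search permission checks on every file the sandbox can still see, and the `# Sandboxing` comment gives no reason a DHCP server needs it. `CAP_NET_BIND_SERVICE` and `CAP_NET_RAW` are presumably there for binding the DHCP server port and for raw packet sends, so I would record the reason per capability, e.g. `# NET_BIND_SERVICE: bind UDP 67; NET_RAW: raw DHCP/ARP packets; DAC_READ_SEARCH: <reason>`, and drop `CAP_DAC_READ_SEARCH` if no reason turns up. The hunk has no trailing context, so the `[Service]` section appears to hold only `ExecStart=` and these lines: the daemon still runs as root, and `NoNewPrivileges=yes` would be a cheap addition that stops it and its children from gaining privileges through setuid or file-capability binaries. `ProtectSystem=full` leaves `/var` writable, which assumes the lease file lives there; that is worth confirming against the shipped udhcpd configuration.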