X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/2bfb0ef07fb64314f5c4ded641a8c280df9c1d0b..969e1e6d277ef40a24d2cdc33f31f1eaa48752f5:/cookbooks/geodns/recipes/default.rb

diff --git a/cookbooks/geodns/recipes/default.rb b/cookbooks/geodns/recipes/default.rb
index c006ff9dc..b40a7643f 100644
--- a/cookbooks/geodns/recipes/default.rb
+++ b/cookbooks/geodns/recipes/default.rb
@@ -74,11 +74,8 @@ systemd_service "gdnsd-reload" do
   user "root"
   exec_start "/bin/systemctl reload-or-restart gdnsd"
   standard_output "null"
-  private_tmp true
-  private_devices true
-  protect_system "full"
-  protect_home true
-  no_new_privileges true
+  sandbox true
+  restrict_address_families "AF_UNIX"
 end
 
 systemd_path "gdnsd-reload" do
@@ -103,6 +100,6 @@ firewall_rule "accept-dns-tcp" do
   action :accept
   source "net"
   dest "fw"
-  proto "tcp:syn"
+  proto "tcp"
   dest_ports "domain"
 end