X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/8635e6f1a4ff863b9f447416f40088dbeedcc7a1..41b1edf21c531ee0def59463c5a415af24875d30:/cookbooks/squid/recipes/default.rb

diff --git a/cookbooks/squid/recipes/default.rb b/cookbooks/squid/recipes/default.rb
index def3d9187..731cbdd83 100644
--- a/cookbooks/squid/recipes/default.rb
+++ b/cookbooks/squid/recipes/default.rb
@@ -50,6 +50,11 @@ systemd_service "squid" do
   exec_start "/usr/sbin/squid -N $SQUID_ARGS"
   exec_reload "/usr/sbin/squid -k reconfigure"
   exec_stop "/usr/sbin/squid -k shutdown"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  no_new_privileges true
   restart "on-failure"
   timeout_sec 0
 end