Index: rpcbind-1.2.6/systemd/rpcbind.service.in =================================================================== --- rpcbind-1.2.6.orig/systemd/rpcbind.service.in +++ rpcbind-1.2.6/systemd/rpcbind.service.in @@ -11,6 +11,19 @@ Wants=rpcbind.target After=sysinit.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=notify # distro can provide a drop-in adding EnvironmentFile=-/??? if needed. EnvironmentFile=-/etc/sysconfig/rpcbind