From 51b69224c7e4bf3819dcb260f59e684c3b297cc9 Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Sun, 9 Feb 2025 14:01:10 +0100
Subject: Update service files

restrictions
---
 roles/linux-ns/files/systemd/dn42_pdns.service | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'roles/linux-ns/files/systemd/dn42_pdns.service')

diff --git a/roles/linux-ns/files/systemd/dn42_pdns.service b/roles/linux-ns/files/systemd/dn42_pdns.service
index 86c61d1..45cc367 100644
--- a/roles/linux-ns/files/systemd/dn42_pdns.service
+++ b/roles/linux-ns/files/systemd/dn42_pdns.service
@@ -1,5 +1,3 @@
-# powerdns in namespace
-
 [Unit]
 Description=PowerDNS Authoritative Server dn42
 Documentation=man:pdns_server(1) man:pdns_control(1)
@@ -19,6 +17,7 @@ Restart=on-failure
 RestartSec=1
 StartLimitInterval=0
 RuntimeDirectory=pdns-dn42
+BindReadOnlyPaths=/etc/netns/dn42/resolv.conf:/etc/resolv.conf
 
 # Sandboxing
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
-- 
cgit v1.2.3