From 51b69224c7e4bf3819dcb260f59e684c3b297cc9 Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Sun, 9 Feb 2025 14:01:10 +0100
Subject: Update service files restrictions
---
roles/linux-ns/files/systemd/dn42_wg@.service | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'roles/linux-ns/files/systemd/dn42_wg@.service')
diff --git a/roles/linux-ns/files/systemd/dn42_wg@.service b/roles/linux-ns/files/systemd/dn42_wg@.service
index 16a1ba6..0f67fda 100644
--- a/roles/linux-ns/files/systemd/dn42_wg@.service
+++ b/roles/linux-ns/files/systemd/dn42_wg@.service
@@ -1,5 +1,3 @@
-# wireguard tunnels inside the namespace
-
 [Unit]
 Description=WireGuard via wg-quick(8) for %I
 PartOf=wg-quick.target
@@ -22,6 +20,9 @@ Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
 NetworkNamespacePath=/run/netns/dn42
 BindReadOnlyPaths=/etc/netns/dn42/resolv.conf:/etc/resolv.conf
 ProtectSystem=strict
+PrivateTmp=true
+PrivateDevices=true
+PrivateIPC=true
 [Install]
 WantedBy=multi-user.target
-- 
cgit v1.2.3
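Review bot: The added `PrivateDevices=true` in the second hunk hides `/dev/net/tun` from the unit, so wg-quick's fallback to a userspace implementation (wireguard-go, or whatever `WG_QUICK_USERSPACE_IMPLEMENTATION` names) can no longer start, and tunnels come up only where the kernel WireGuard module is available. Since this commit also drops the file's only comment, I would record that constraint above the new lines, e.g. `# sandboxing: kernel WireGuard only, PrivateDevices= hides /dev/net/tun`. `PrivateIPC=` is understood only by systemd 248 and later; older versions log an unknown-key warning and skip it, so the role should state its minimum systemd version. The [Service] section begins outside the hunk, so directives already set there are not visible here.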