From 69bc7a5cbe220e57a79a9f5f998625d7ff62d3d5 Mon Sep 17 00:00:00 2001
From: TubbyCat
Date: Thu, 25 Aug 2022 00:00:05 -0400
Subject: [PATCH] Update log2ram.service

---
 log2ram.service | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/log2ram.service b/log2ram.service
index ec13e11..3dc8a22 100644
--- a/log2ram.service
+++ b/log2ram.service
@@ -15,12 +15,12 @@ ExecReload= /usr/local/bin/log2ram write
 TimeoutStartSec=120
 RemainAfterExit=yes
 
-#SANDBOXING# -- NEEDS TESTING
+#SANDBOXING# -- partly tested
 LockPersonality=true
 MemoryDenyWriteExecute=true
 NoNewPriviliges=true
-#PrivateDevices=
-#PrivateNetwork=true
+PrivateDevices=true
+PrivateNetwork=true
 #Will likely break "MAIL" in log2ram.config if does not point to localhost / disabled
 ProtectClock=true
 ProtectControlGroups=true
@@ -29,8 +29,8 @@ ProtectKernelLogs=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 RestrictSUIDSGID=true
-ProtectSystem=full
- # ALT: ProtectSystem=true # if-and-only-if needs /etc, but can whitelist dir prn
+ProtectSystem=true
+ # ALT: ProtectSystem=full # needs rw whitelisting for /var/hdd.log/
 ProtectHome=true
 #will likely break situations wherein configured to also copy logs from $HOME.
 #can probably fix with systemctl edit to whitelist relevant dirs
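Review bot: The context line `NoNewPriviliges=true` in the first hunk is misspelled, so systemd will report it as an unknown key and ignore it, and the unit runs without that restriction even though the header now reads "partly tested"; it should be `NoNewPrivileges=true`. Running `systemd-analyze verify log2ram.service` after each edit would catch unknown keys like this one. On the newly enabled `PrivateNetwork=true`, the comment under it implies MAIL keeps working when it points at localhost, but the unit then gets its own loopback interface, so a mailer that connects to a listener on the host's localhost would likely fail as well. I would reword that comment to `#Breaks "MAIL" in log2ram.config unless mail is handed off without a network connection`.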
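Review bot: Lowering `ProtectSystem=full` to `ProtectSystem=true` in the second hunk drops the read-only protection of /etc, and the reason given in the new comment does not appear to hold. Per systemd.exec(5), `full` covers /usr, the boot loader directories and /etc, not /var, so it should not block writes to /var/hdd.log/. Only `ProtectSystem=strict` makes the rest of the tree read-only and would need a `ReadWritePaths=` entry for that directory. Unless a test showed `full` failing for some other reason, I would keep `ProtectSystem=full` and change the comment to `# ALT: ProtectSystem=strict # needs ReadWritePaths= for /var/hdd.log/`.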