Update log2ram-daily.service

log2ram-daily.service

@@ -5,4 +5,19 @@ After=log2ram.service
 [Service]
 ExecStart=/bin/systemctl reload log2ram.service
 
-## insert sandboxing here ##
+# Sandboxing
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPriviliges=true
+PrivateDevices=true
+PrivateNetwork=true 
+  #May affect "Mail" in log2ram.conf.
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+RestrictSUIDSGID=true
+ProtectSystem=strict
+ProtectHome=true