From 01dd94242f47e55200c5dce37c7a8b22da8bce56 Mon Sep 17 00:00:00 2001
From: ericgaspar <junk.eg@free.fr>
Date: Tue, 23 Mar 2021 10:43:55 +0100
Subject: [PATCH] Add some protection to systemd

---
 conf/systemd.service | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/conf/systemd.service b/conf/systemd.service
index 7134501..b4a69ae 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -12,5 +12,11 @@ Environment=NODE_ENV=production
 ExecStart=__YNH_NPM__ start
 Restart=always
 
+PrivateDevices=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectSystem=full
+
 [Install]
 WantedBy=multi-user.target