From be258a41f367f7bb23571238c45132dca3c7a552 Mon Sep 17 00:00:00 2001
From: Bruno Pagani <bruno.n.pagani@gmail.com>
Date: Sat, 21 May 2022 13:37:45 +0000
Subject: [PATCH] Reenable RestrictAddressFamilies safety setting

The addition of AF_NETLINK should be enough for it to work, without allowing the dozen of other families.
---
 conf/systemd.service | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/conf/systemd.service b/conf/systemd.service
index 442545c..38c6c70 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -17,8 +17,7 @@ Restart=always
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
-#RestrictAddressFamilies disabled, prevents any write access on the app
-#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
 DevicePolicy=closed