Package: geoipupdate
Version: 4.6.0-1

Dear Maintainer,

thanks for including a systemd service for a weekly update run.
I used a similar service already and was running it with several hardening options.
Please consider adding them.

Best regards,
Christian Göttsche

# hardening options
# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# no PrivateNetwork
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=true
PrivateTmp=true
ProtectClock=yes
ProtectControlGroups=true
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=true
ProtectKernelTunables=yes
ProtectSystem=strict
ReadWritePaths=/var/lib/GeoIP/
RestrictNamespaces=yes
RestrictRealtime=true
SystemCallFilter=