# HG changeset patch
# User Dulmandakh Sukhbaatar <dulmandakh@gmail.com>
# Date 1585229069 -28800
#      Thu Mar 26 21:24:29 2020 +0800
# Node ID 84fa940f6a49857e8605aadaef57ad961ec52996
# Parent  edb3ed36071c466e2b40db42172719f3762c39c0
harden nginx.service

diff -r edb3ed36071c -r 84fa940f6a49 debian/nginx.service
--- a/debian/nginx.service	Wed Mar 04 07:50:53 2020 +0300
+++ b/debian/nginx.service	Thu Mar 26 21:24:29 2020 +0800
@@ -11,5 +11,9 @@
 ExecReload=/bin/kill -s HUP $MAINPID
 ExecStop=/bin/kill -s TERM $MAINPID
 
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectSystem=full
+
 [Install]
 WantedBy=multi-user.target