From 7f2f8d20dbbb684453b698b7580523e2dab89302 Mon Sep 17 00:00:00 2001
From: TubbyCat <tubbycat.dev.pub@protonmail.com>
Date: Thu, 25 Aug 2022 16:28:09 -0400
Subject: [PATCH] Update log2ram-daily.service

---
 log2ram-daily.service | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/log2ram-daily.service b/log2ram-daily.service
index 583adda..fee0058 100644
--- a/log2ram-daily.service
+++ b/log2ram-daily.service
@@ -5,4 +5,19 @@ After=log2ram.service
 [Service]
 ExecStart=/bin/systemctl reload log2ram.service
 
-## insert sandboxing here ##
+# Sandboxing
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPriviliges=true
+PrivateDevices=true
+PrivateNetwork=true 
+  #May affect "Mail" in log2ram.conf.
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+RestrictSUIDSGID=true
+ProtectSystem=strict
+ProtectHome=true