From 5a4b71ed296437502c9e73a0ca9bbba154223970 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Tue, 9 Aug 2022 06:18:21 -0400
Subject: [PATCH] extend matterbridge service hardening

---
 systemd/system/matterbridge.service.d/hardening.conf | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 systemd/system/matterbridge.service.d/hardening.conf

diff --git a/systemd/system/matterbridge.service.d/hardening.conf b/systemd/system/matterbridge.service.d/hardening.conf
new file mode 100644
index 0000000..f556a7b
--- /dev/null
+++ b/systemd/system/matterbridge.service.d/hardening.conf
@@ -0,0 +1,8 @@
+[Service]
+# use a persistent user so that nftables can use it for skuid rules
+DynamicUser=false
+
+MemoryDenyWriteExecute=true
+RemoveIPC=true
+ProcSubset=pid
+ProtectProc=invisible
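Review bot: `DynamicUser=false` on the first added lines silently gives up the restrictions that `DynamicUser=true` implies per systemd.exec(5) (`NoNewPrivileges=`, `ProtectSystem=strict`, `ProtectHome=`, `PrivateTmp=`, `RestrictSUIDSGID=`, `RemoveIPC=`), and this drop-in restores only `RemoveIPC=true`; unless the base matterbridge.service (not in this patch) already sets them, the unit ends up less hardened than before and, with no `User=` visible anywhere, runs as root. The comment should spell out the trade-off, e.g. `# DynamicUser=true would imply NoNewPrivileges/ProtectSystem=strict/ProtectHome/PrivateTmp/RestrictSUIDSGID; re-add them explicitly since a persistent user is needed for nftables skuid rules`, and the dropped directives should be re-added here so the drop-in stands on its own. Note also that `ProtectProc=invisible` (procfs hidepid) does not hide anything from a process holding CAP_SYS_PTRACE, so its value depends on the service running unprivileged or with a reduced `CapabilityBoundingSet=`; I cannot confirm either from this hunk.

```ini
[Service]
# use a persistent user so that nftables can use it for skuid rules;
# DynamicUser=true would imply the hardening directives below, so set them explicitly
DynamicUser=false
User=matterbridge
Group=matterbridge
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
RestrictSUIDSGID=true
CapabilityBoundingSet=
# … unchanged: MemoryDenyWriteExecute, RemoveIPC, ProcSubset, ProtectProc …
```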