From 9c5584129122de2c8182776d61a1a5daf2379823 Mon Sep 17 00:00:00 2001
From: Christophe Siraut <csiraut@entrouvert.com>
Date: Wed, 2 Sep 2020 08:49:01 +0200
Subject: [PATCH] logtracker.service: increase isolation

---
 debian/logtracker.service | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/debian/logtracker.service b/debian/logtracker.service
index 06b505a..56592e9 100644
--- a/debian/logtracker.service
+++ b/debian/logtracker.service
@@ -1,7 +1,6 @@
 [Unit]
 Description=logtracker
-After=network.target syslog.target postgresql.service
-Wants=postgresql.service
+After=network.target postgresql.service
 
 [Service]
 Type=notify
@@ -13,9 +12,13 @@ ExecStartPre=/usr/bin/logtracker-manage collectstatic --noinput
 ExecStart=/usr/bin/uwsgi --ini /etc/%p/uwsgi.ini
 ExecReload=/bin/kill -HUP $MAINPID
 KillSignal=SIGQUIT
-PrivateTmp=true
 Restart=on-failure
 RuntimeDirectory=logtracker
+ProtectSystem=strict
+ProtectHome=yes
+ProtectDevices=yes
+NoNewPrivileges=yes
+PrivateTmp=yes
 
 [Install]
 WantedBy=multi-user.target