Hi,

It would be really nice to have those hardening options used. I use them
locally on Ubuntu. Please note that the Private*/Protect* options (using
the mount namespace) require this change to the Apparmor profile:

-/usr/sbin/named {
+/usr/sbin/named flags=(attach_disconnected) {

Thanks,
Simon

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to