Hi, It would be really nice to have those hardening options used. I use them locally on Ubuntu. Please note that the Private*/Protect* options (using the mount namespace) require this change to the Apparmor profile:
-/usr/sbin/named {
+/usr/sbin/named flags=(attach_disconnected) {
Thanks,
Simon
signature.asc
Description: OpenPGP digital signature

