From 6f8dac6e0732c2afc24cd38e3a3c34ae1a9c5c87 Mon Sep 17 00:00:00 2001
From: Jonas Nick
Date: Sun, 28 Apr 2019 13:11:27 +0000
Subject: [PATCH] Restrict namespaces for systemd services by default
---
 modules/nix-bitcoin-services.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modules/nix-bitcoin-services.nix b/modules/nix-bitcoin-services.nix
index 9ed5926..c3607cd 100644
--- a/modules/nix-bitcoin-services.nix
+++ b/modules/nix-bitcoin-services.nix
@@ -14,6 +14,7 @@ let
 ProtectKernelModules = "true";
 ProtectControlGroups = "true";
 RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
+ RestrictNamespaces = "true";
 LockPersonality = "true";
 IPAddressDeny = "any";
 };
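Review bot: The added `RestrictNamespaces = "true";` line carries no comment on what it denies or how a service opts out, and because it sits in the shared default set, any unit that inherits these defaults and needs to create or join namespaces (for instance to sandbox a child process) will have those calls refused at runtime. I would put `# Deny creating/entering namespaces (unshare, clone, setns); override per service if needed` directly above it. The attribute set begins outside the hunk, so I cannot see whether `NoNewPrivileges` is set alongside; systemd documents it as implied for units lacking CAP_SYS_ADMIN, and `systemd-analyze security <unit>` on one of the affected services would confirm the effective result.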