From e6fc35de3722765ad3e62d9c42b5e78085d7d807 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= <anton@sijanec.eu>
Date: Mon, 31 Jan 2022 20:01:51 +0100
Subject: v tretje gre rado

---
 debian/changelog      | 3 ++-
 debian/sear.c.service | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index dd2f4f0..6251242 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,9 @@ sear.c (0.0.20-1) stable; urgency=low
 
   * Added fallback option to another server via HTTP redirect in case of
     CAPTCHA.
+  * Enchanced systemd unit security by whitelisting /lib, /etc and /usr/bin.
 
- -- Anton Luka Šijanec <anton@sijanec.eu>  Tue, 31 Jan 2022 19:00:00 +0200
+ -- Anton Luka Šijanec <anton@sijanec.eu>  Tue, 31 Jan 2022 20:00:00 +0200
 
 sear.c (0.0.19-1) stable; urgency=low
 
diff --git a/debian/sear.c.service b/debian/sear.c.service
index 4b3271b..b3b8b2b 100644
--- a/debian/sear.c.service
+++ b/debian/sear.c.service
@@ -3,9 +3,11 @@ Description=scrapes search results of popular engines, caches them and creates a
 After=network.target
 
 [Service]
+TemporaryFileSystem=/:ro
+BindReadOnlyPaths=/lib /etc /usr/bin
+EnvironmentFile=-/etc/sear.c
 Type=simple
 DynamicUser=yes
-RuntimeDirectory=sear.c
 ExecStart=/usr/bin/sear.c
 Restart=no
 
-- 
cgit v1.2.3