From d4589e6527c80400ca1a85890ef4947f4673d832 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
Date: Wed, 29 Jun 2016 10:43:05 +0200
Subject: [PATCH] Hardened systemd unit file

  Resolves: rhbz#1350941
---
 postfix.service | 4 ++++
 postfix.spec    | 6 +++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/postfix.service b/postfix.service
index 23df077..e2b43a6 100644
--- a/postfix.service
+++ b/postfix.service
@@ -7,6 +7,10 @@ Conflicts=sendmail.service exim.service
 Type=forking
 PIDFile=/var/spool/postfix/pid/master.pid
 EnvironmentFile=-/etc/sysconfig/network
+PrivateTmp=true
+CapabilityBoundingSet=~ CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_MODULE
+ProtectSystem=true
+PrivateDevices=true
 ExecStartPre=-/usr/libexec/postfix/aliasesdb
 ExecStartPre=-/usr/libexec/postfix/chroot-update
 ExecStart=/usr/sbin/postfix start
diff --git a/postfix.spec b/postfix.spec
index e7323d8..56b7e72 100644
--- a/postfix.spec
+++ b/postfix.spec
@@ -42,7 +42,7 @@
 Name: postfix
 Summary: Postfix Mail Transport Agent
 Version: 3.1.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 2
 Group: System Environment/Daemons
 URL: http://www.postfix.org
@@ -732,6 +732,10 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Wed Jun 29 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.1.1-2
+- Hardened systemd unit file
+  Resolves: rhbz#1350941
+
 * Mon May 16 2016 Jaroslav Škarvada <jskarvad@redhat.com> - 2:3.1.1-1
 - New version
   Resolves: rhbz#1336245