From 1a36152123141e2bd863bbf1d985d0475da82bb5 Mon Sep 17 00:00:00 2001
From: Darkcyankitty <darkcyan_kitty@proton.me>
Date: Wed, 20 Aug 2025 18:12:56 +0000
Subject: [PATCH] Update i2pd.service

Hardening for i2pd.service
---
 contrib/i2pd.service | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/contrib/i2pd.service b/contrib/i2pd.service
index 1ab46979..1eb8a92b 100644
--- a/contrib/i2pd.service
+++ b/contrib/i2pd.service
@@ -34,5 +34,20 @@ LimitNOFILE=8192
 # To enable write of coredump uncomment this
 #LimitCORE=infinity
 
+#hardening
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProcSubset=pid
+PrivateTmp=true
+PrivateUsers=true
+PrivateDevices=true
+PrivateIPC=true
+NoNewPrivileges=true
+RestrictNamespaces=true
+
 [Install]
 WantedBy=multi-user.target