From 870d4152dfc3d990e336723562948835c2dbd646 Mon Sep 17 00:00:00 2001
From: setpill <37372069+setpill@users.noreply.github.com>
Date: Tue, 6 Aug 2019 14:34:07 +0200
Subject: [PATCH] Set ProtectHome in systemd service file

Further hardening; the service should be run with as many restrictions
as possible without breaking it.
---
 contrib/init/bitcoind.service | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/contrib/init/bitcoind.service b/contrib/init/bitcoind.service
index 5f9a64909..34c3e7b3a 100644
--- a/contrib/init/bitcoind.service
+++ b/contrib/init/bitcoind.service
@@ -58,6 +58,9 @@ PrivateTmp=true
 # Mount /usr, /boot/ and /etc read-only for the process.
 ProtectSystem=full
 
+# Deny access to /home, /root and /run/user
+ProtectHome=true
+
 # Disallow the process and all of its children to gain
 # new privileges through execve().
 NoNewPrivileges=true