Update Systemd Service File

Signed-off-by: SZanko <szanko@protonmail.com>

3 files changed, 16 insertions, 2 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 932416a5d007..fd3d9bfad46d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = rimgo
 	pkgdesc = An alternative frontend for Imgur. Originally based on rimgu.
 	pkgver = 2022.04.22
-	pkgrel = 1
+	pkgrel = 2
 	url = https://codeberg.org/video-prize-ranch/rimgo
 	arch = i686
 	arch = pentium4
diff --git a/PKGBUILD b/PKGBUILD
index e9800c7da79e..f49a9c781d24 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,7 +2,7 @@
 pkgname=rimgo
 rpkgver=2022-04-22
 pkgver=2022.04.22
-pkgrel=1
+pkgrel=2
 pkgdesc="An alternative frontend for Imgur. Originally based on rimgu."
 arch=('i686' 'pentium4' 'x86_64' 'arm' 'armv7h' 'armv6h' 'aarch64')
 url="https://codeberg.org/video-prize-ranch/rimgo"
diff --git a/rimgo.service b/rimgo.service
index f59b11d498ec..0c56086ec25d 100644
--- a/rimgo.service
+++ b/rimgo.service
@@ -34,6 +34,20 @@ RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 SystemCallFilter=@system-service ~@privileged ~@resources
 UMask=0077
+CapabilityBoundingSet=~CAP_SYS_CHROOT
+CapabilityBoundingSet=~CAP_SYS_BOOT
+CapabilityBoundingSet=~CAP_SYS_PTRACE
+CapabilityBoundingSet=~CAP_SYS_ADMIN
+CapabilityBoundingSet=~CAP_KILL
+CapabilityBoundingSet=~CAP_LINUX_IMMUTABLE
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND
+CapabilityBoundingSet=~CAP_SYS_NICE
+CapabilityBoundingSet=~CAP_SYS_RESOURCE
+#CapabilityBoundingSet=~CAP_CHOWN
+CapabilityBoundingSet=~CAP_FSETID
+CapabilityBoundingSet=~CAP_SETFCAP
+
+PrivateUsers=true
 
 [Install]
 WantedBy=default.target