From 18d5e5333947e89223863a364412d52dc4af6606 Mon Sep 17 00:00:00 2001
From: Alexey Avramov <hakavlad@gmail.com>
Date: Sun, 8 Dec 2019 21:47:01 +0900
Subject: [PATCH] update unit files

---
 nohang/nohang-desktop.service.in | 2 ++
 nohang/nohang.service.in         | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/nohang/nohang-desktop.service.in b/nohang/nohang-desktop.service.in
index 1bad47c..4e17b66 100644
--- a/nohang/nohang-desktop.service.in
+++ b/nohang/nohang-desktop.service.in
@@ -20,6 +20,8 @@ PrivateTmp=true
 RestrictRealtime=yes
 MemoryDenyWriteExecute=yes
 ProtectKernelModules=true
+RestrictNamespaces=yes
+LockPersonality=yes
 SystemCallArchitectures=native
 ReadOnlyPaths=/
 ReadWritePaths=/tmp /var /run /dev/shm
diff --git a/nohang/nohang.service.in b/nohang/nohang.service.in
index a2e6add..9b8a551 100644
--- a/nohang/nohang.service.in
+++ b/nohang/nohang.service.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=Highly configurable OOM prevention daemon
 Documentation=man:nohang(1) https://github.com/hakavlad/nohang
+Conflicts=nohang-desktop.service
 After=system.slice
 
 [Service]
@@ -19,6 +20,8 @@ PrivateTmp=true
 RestrictRealtime=yes
 MemoryDenyWriteExecute=yes
 ProtectKernelModules=true
+RestrictNamespaces=yes
+LockPersonality=yes
 SystemCallArchitectures=native
 ReadOnlyPaths=/
 ReadWritePaths=/tmp /var /run /dev/shm