From daec82e7eeeddb1f769cc340f8ff88b523f90c39 Mon Sep 17 00:00:00 2001
From: Harsh Shandilya
Date: Thu, 9 Jan 2020 09:55:45 +0530
Subject: [PATCH] systemd/caddy: Allow access to AF_UNIX namespace

caddy connects to php-fpm through a unix socket and thus needs access to it aside from IPv4 and IPv6

http://man7.org/linux/man-pages/man2/socket.2.html

Signed-off-by: Harsh Shandilya
---
 systemd_units/caddy.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systemd_units/caddy.service b/systemd_units/caddy.service
index f14c0dd..c85c91f 100644
--- a/systemd_units/caddy.service
+++ b/systemd_units/caddy.service
@@ -29,7 +29,7 @@ ProtectControlGroups=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 PrivateDevices=true
-RestrictAddressFamilies=AF_INET AF_INET6
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=true
 RestrictRealtime=true
 SystemCallArchitectures=native
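Review bot: The widened `RestrictAddressFamilies=` line has no comment in the unit saying why AF_UNIX is allowed, so a later hardening pass could remove it and silently break the php-fpm upstream. A line above it such as `# AF_UNIX: caddy reaches php-fpm over a unix socket` would keep the reason next to the setting. With AF_UNIX permitted, this filter no longer limits which local sockets the service can open, so that restriction now depends on filesystem permissions. Those are the php-fpm socket's owner and mode (`listen.owner`, `listen.group`, `listen.mode` in the pool config) and the unit's `User=`/`Group=`, none of which are visible in this hunk and which are worth confirming. The [Service] section starts and ends outside the hunk.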