From a42bb63039bc2f7f1317151aeed918d66b103038 Mon Sep 17 00:00:00 2001
From: lod <github@bremsspur.org>
Date: Mon, 21 Oct 2024 17:50:05 +0200
Subject: [PATCH] add LogDir, ProtectSystem=yes and capabilities to bind ports

---
 ncam.service | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ncam.service b/ncam.service
index 8630532..fb66b39 100644
--- a/ncam.service
+++ b/ncam.service
@@ -8,11 +8,12 @@ Type=forking
 ExecStart=/usr/bin/ncam -b
 User=ncam
 ConfigurationDirectory=ncam
+LogsDirectory=ncam
 PrivateTmp=yes
 ProtectHome=yes
-ProtectSystem=strict
+ProtectSystem=yes
 NoNewPrivileges=yes
-ReadWritePaths=-/var/lib/ncam
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy=multi-user.target