From 00c65ebf8d282113290529fc265b2fca96a4c865 Mon Sep 17 00:00:00 2001
From: Matt Mix <mattmix@umn.edu>
Date: Mon, 24 Jun 2024 16:57:32 -0500
Subject: [PATCH] Add AF_UNIX to RestrictAddressFamilies (#35)

AF_UNIX is needed so that cgroup_exporter can get user information from sss.
---
 packaging/rpm/cgroup_exporter.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packaging/rpm/cgroup_exporter.service b/packaging/rpm/cgroup_exporter.service
index 46b025f..adf74a6 100644
--- a/packaging/rpm/cgroup_exporter.service
+++ b/packaging/rpm/cgroup_exporter.service
@@ -18,7 +18,7 @@ ProtectHome=yes
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
-RestrictAddressFamilies=AF_INET AF_INET6
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes