From 2af73881d7c1c1d4484c267a60d2d01fe1458389 Mon Sep 17 00:00:00 2001
From: Carl Tashian <carl@smallstep.com>
Date: Thu, 28 Jan 2021 07:48:21 -0800
Subject: [PATCH] Add ProtectHome=true

---
 systemd/step-ca.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/systemd/step-ca.service b/systemd/step-ca.service
index 4b9975e7..1941a634 100644
--- a/systemd/step-ca.service
+++ b/systemd/step-ca.service
@@ -31,6 +31,7 @@ NoNewPrivileges=yes
 
 ; Sandboxing
 ProtectSystem=full
+ProtectHome=true
 RestrictNamespaces=true
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
 PrivateTmp=true