@@ -, +, @@
---
 net-dns/dnsmasq/files/dnsmasq.service-r1 | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
--- a/net-dns/dnsmasq/files/dnsmasq.service-r1
+++ a/net-dns/dnsmasq/files/dnsmasq.service-r1
@@ -3,10 +3,21 @@ Description=A lightweight DHCP and caching DNS server
 After=network.target
 [Service]
+User=dnsmasq
+Group=dnsmasq
 Type=simple
+PIDFile=/run/dnsmasq/dnsmasq.pid
 ExecStartPre=/usr/sbin/dnsmasq --test
-ExecStart=/usr/sbin/dnsmasq -k --user=dnsmasq --group=dnsmasq
+ExecStart=/usr/sbin/dnsmasq -k -x /run/dnsmasq/dnsmasq.pid
 ExecReload=/bin/kill -HUP $MAINPID
+RuntimeDirectory=dnsmasq
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
+AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
 [Install]
 WantedBy=multi-user.target
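Review bot: The new `CapabilityBoundingSet=` and `AmbientCapabilities=` lines grant only CAP_NET_BIND_SERVICE and CAP_NET_ADMIN, but as far as I know dnsmasq's own privilege drop (the removed `--user`/`--group` path) also keeps CAP_NET_RAW, which the DHCP server appears to need for its ICMP address probe. With DHCP enabled the daemon may therefore fail at startup; please confirm and, if so, use `CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN CAP_NET_RAW` with the matching `AmbientCapabilities=` line. Because `User=dnsmasq` now applies from the first instruction, anything previously opened as root before the drop (the lease file, root-only config, and the `ExecStartPre` `--test` run) must be accessible to the dnsmasq user, so an existing root-owned lease file would presumably need a chown on upgrade. `PIDFile=` and `-x` look unnecessary with `Type=simple` and `-k`, since systemd already tracks the foreground process, and dropping them would probably make `RuntimeDirectory=` unnecessary too. A comment above the capability lines naming the dnsmasq feature that needs each capability would help the next person tighten the set.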