Merge branch 'debian/latest' into 'debian/latest'

d/service: Use systemd to sandbox eg25-manager

See merge request mobian1/devices/eg25-manager!16

debian/eg25-manager.service

@@ -6,6 +6,23 @@ Before=ModemManager.service
 Type=simple
 ExecStart=/usr/bin/eg25manager
 Restart=on-failure
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictSUIDSGID=true
+PrivateTmp=true
+ProtectedKernelModules=true
+MemoryDenyWriteExecute=true
+PrivateMounts=true
+NoNewPrivileges=true
+CapabilityBoundingSet=
+ProtectProc=true
+ProtectDevices=true
+DeviceAllow=/dev/ttyS2
+LockPersonality=true
+ProtectClock=true
+ProtectKernelLog=true
 
 [Install]
 WantedBy=multi-user.target