nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 16:03:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixos/cjdns: tightened permissions via systemd, added caps

Browse Source
This commit is contained in:
Sophie Taylor 2016-11-05 01:22:17 +10:00 committed by Emery Hemingway
parent ffa3f868c9
commit 20e81f7c0d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/services/networking/cjdns.nix
View File

@ -245,7 +245,10 @@ in
serviceConfig = {
Type = "forking";
Restart = "on-failure";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW";
ProtectSystem = "full";
MemoryDenyWriteExecute = true;
ProtectHome = true;
PrivateTmp = true;
};