nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-18 18:14:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #268634 from tie/redis-restrict-address-families

Browse Source 
nixos/redis: loosen systemd address family restrictions
This commit is contained in:
Mario Rodas 2023-11-27 20:06:29 -05:00 committed by GitHub
commit 3dba8d6fdb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/services/databases/redis.nix
View File

@ -393,9 +393,7 @@ in {
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictAddressFamilies =
optionals (conf.port != 0) ["AF_INET" "AF_INET6"] ++
optional (conf.unixSocket != null) "AF_UNIX";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;