nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 15:33:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #85133 from snicket2100/mosquitto-service-sandboxing

Browse Source 
mosquitto: systemd service sandboxing
This commit is contained in:
Sandro 2020-11-27 18:53:36 +01:00 committed by GitHub
commit a390213f85
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nixos/modules/services/networking/mosquitto.nix
View File

@ -232,6 +232,16 @@ in
Restart = "on-failure"; Restart = "on-failure";
ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}"; ExecStart = "${pkgs.mosquitto}/bin/mosquitto -c ${mosquittoConf}";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ProtectSystem = "strict";
ProtectHome = true;
PrivateDevices = true;
PrivateTmp = true;
ReadWritePaths = "${cfg.dataDir}";
ProtectControlGroups = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
NoNewPrivileges = true;
}; };
preStart = '' preStart = ''
rm -f ${cfg.dataDir}/passwd rm -f ${cfg.dataDir}/passwd