privoxy service: additional isolation

2024-11-24 07:53:19 +00:00 · 2016-12-05 12:25:31 +01:00 · 2016-12-05 12:25:31 +01:00 · ad88f1040e
commit ad88f1040e
parent 54cea02d90
1 changed files with 5 additions and 0 deletions
--- a/nixos/modules/services/networking/privoxy.nix
+++ b/nixos/modules/services/networking/privoxy.nix
@ -100,6 +100,11 @@ in
      after = [ "network.target" "nss-lookup.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig.ExecStart = "${privoxy}/sbin/privoxy --no-daemon --user ${privoxyUser} ${confFile}";
+
+      serviceConfig.PrivateDevices = true;
+      serviceConfig.PrivateTmp = true;
+      serviceConfig.ProtectHome = true;
+      serviceConfig.ProtectSystem = "full";
    };

  };