Wait, is it ReadWritePaths?
parent
dd2df768f1
commit
7e533a6d6f
@ -312,25 +312,25 @@ let
|
|||||||
description = "Heimdal propagation listener server.";
|
description = "Heimdal propagation listener server.";
|
||||||
path = with pkgs; [ heimdal ];
|
path = with pkgs; [ heimdal ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
# StandardInput = "socket";
|
StandardInput = "socket";
|
||||||
# StandardOutput = "socket";
|
StandardOutput = "socket";
|
||||||
# PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
# PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
# ProtectControlGroups = true;
|
ProtectControlGroups = true;
|
||||||
# ProtectKernelTunables = true;
|
ProtectKernelTunables = true;
|
||||||
# ProtectHostname = true;
|
ProtectHostname = true;
|
||||||
# ProtectClock = true;
|
ProtectClock = true;
|
||||||
# ProtectKernelLogs = true;
|
ProtectKernelLogs = true;
|
||||||
# MemoryDenyWriteExecute = true;
|
MemoryDenyWriteExecute = true;
|
||||||
# RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
# LimitNOFILE = "4096";
|
LimitNOFILE = "4096";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
# Server will retry -- this results in stacking
|
# Server will retry -- this results in stacking
|
||||||
Restart = "never";
|
Restart = "never";
|
||||||
# AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||||
# SecureBits = "keep-caps";
|
SecureBits = "keep-caps";
|
||||||
ReadWritePaths = [ "${dirOf cfg.kdc.database}" ];
|
#ReadWritePaths = [ "${dirOf cfg.kdc.database}" ];
|
||||||
ExecStart = let
|
ExecStart = let
|
||||||
startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh"
|
startScript = pkgs.writeShellScript "launch-heimdal-hpropd.sh"
|
||||||
(concatStringsSep " " [
|
(concatStringsSep " " [
|
||||||
|
|||||||
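Review bot: Reading the second line of each pair as the new side, `ReadWritePaths` is now commented out while the sandboxing options are re-enabled, so the unit no longer declares its write access to the KDC database directory. No `ProtectSystem` is visible in this hunk (the serviceConfig block continues past it), so as shown nothing makes the rest of the filesystem read-only for hpropd. If the line was disabled because the unit fails when that directory is missing, a `-` prefix tolerates the absent path while keeping the setting: `ReadWritePaths = [ "-${dirOf cfg.kdc.database}" ];`, paired with `ProtectSystem = "strict";` if it is not already set further down. Separately, `Restart = "never"` is not a value systemd accepts; the spelling for that intent is `Restart = "no";`. Since `StandardInput = "socket"` suggests systemd owns the listening socket, `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` and `SecureBits = "keep-caps"` are probably not needed and could be dropped once the service starts cleanly.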