public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/cjdns: tightened permissions via systemd, added caps

Browse Source
This commit is contained in:
Sophie Taylor 2016-11-05 01:22:17 +10:00 committed by Emery Hemingway
parent ffa3f868c9
commit 20e81f7c0d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/services/networking/cjdns.nix
View File

@ -245,7 +245,10 @@ in
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "forking";
Restart = "on-failure"; Restart = "on-failure";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW";
ProtectSystem = "full";
MemoryDenyWriteExecute = true;
ProtectHome = true; ProtectHome = true;
PrivateTmp = true; PrivateTmp = true;
}; };