public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #108238 from snicket2100/more-dnscrypt-proxy-hardening

Browse Source 
nixos/dnscrypt-proxy2: more service hardening
This commit is contained in:
Guillaume Girol 2021-02-08 19:22:44 +00:00 committed by GitHub
commit 2630a2df91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nixos/modules/services/networking/dnscrypt-proxy2.nix
View File

@ -87,6 +87,7 @@ in
NoNewPrivileges = true; NoNewPrivileges = true;
NonBlocking = true; NonBlocking = true;
PrivateDevices = true; PrivateDevices = true;
ProtectClock = true;
ProtectControlGroups = true; ProtectControlGroups = true;
ProtectHome = true; ProtectHome = true;
ProtectHostname = true; ProtectHostname = true;
@ -107,8 +108,13 @@ in
SystemCallFilter = [ SystemCallFilter = [
"@system-service" "@system-service"
"@chown" "@chown"
"~@aio"
"~@keyring"
"~@memlock"
"~@resources" "~@resources"
"@privileged" "~@setuid"
"~@sync"
"~@timer"
]; ];
}; };
}; };