public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/unit: update sandboxing options

Browse Source
This commit is contained in:
Izorkin 2020-08-15 11:13:44 +03:00
parent d56514c76a
commit 26898b8518
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/services/web-servers/unit/default.nix
View File

@ -120,9 +120,12 @@ in {
ProtectHome = true; ProtectHome = true;
PrivateTmp = true; PrivateTmp = true;
PrivateDevices = true; PrivateDevices = true;
PrivateUsers = false;
ProtectHostname = true; ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true; ProtectKernelTunables = true;
ProtectKernelModules = true; ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true; ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
LockPersonality = true; LockPersonality = true;