public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #71576 from ShaRose/patch-1

Browse Source 
nixos/dnsdist: Add CAP_NET_BIND_SERVICE to AmbientCapabilities
This commit is contained in:
Silvan Mosberger 2019-11-09 00:07:09 +01:00 committed by GitHub
commit 3022fde292
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/services/networking/dnsdist.nix
View File

@ -46,11 +46,10 @@ in {
RestartSec="1"; RestartSec="1";
DynamicUser = true; DynamicUser = true;
StartLimitInterval="0"; StartLimitInterval="0";
PrivateTmp=true;
PrivateDevices=true; PrivateDevices=true;
CapabilityBoundingSet="CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID"; AmbientCapabilities="CAP_NET_BIND_SERVICE";
CapabilityBoundingSet="CAP_NET_BIND_SERVICE";
ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}"; ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}";
ProtectSystem="full";
ProtectHome=true; ProtectHome=true;
RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6"; RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
LimitNOFILE="16384"; LimitNOFILE="16384";