From 96be2d5a7dd1c3733311e20eb5b41ecb6aeb0086 Mon Sep 17 00:00:00 2001 From: Rob Vermaas Date: Sun, 28 Jul 2013 18:33:57 +0200 Subject: [PATCH] Fix ReadWriteDirectories for fail2ban, added /var/tmp. --- modules/services/security/fail2ban.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/security/fail2ban.nix b/modules/services/security/fail2ban.nix index a232d18a572..ee57a41888b 100644 --- a/modules/services/security/fail2ban.nix +++ b/modules/services/security/fail2ban.nix @@ -117,7 +117,7 @@ in serviceConfig = { ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f"; ReadOnlyDirectories = "/"; - ReadWriteDirectories = "/var/run/fail2ban"; + ReadWriteDirectories = "/var/run/fail2ban /var/tmp"; CapabilityBoundingSet="CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW"; };