Merge pull request #111011 from waldheinz/nginx-mem-write-exec
nixos/nginx: fix MemoryDenyWriteExecute not being disabled when needed
This commit is contained in:
commit
9798ed1a3d
|
@ -804,7 +804,7 @@ in
|
|||
ProtectControlGroups = true;
|
||||
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = !(builtins.any (mod: (mod.allowMemoryWriteExecute or false)) pkgs.nginx.modules);
|
||||
MemoryDenyWriteExecute = !(builtins.any (mod: (mod.allowMemoryWriteExecute or false)) cfg.package.modules);
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
PrivateMounts = true;
|
||||
|
|
Loading…
Reference in New Issue