public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cjdns service: allow writing keys to /etc

Browse Source 
20e81f7c0d56e0b179115ca72a85b81ff637d909 prevented key generation in
`preStart`, leaving the service broken for the case where the user has
no pre-existing key.

Eventually, we ought to store the state elsewhere so that `/etc` can be
read-only but for now we fix this the easy way.
This commit is contained in:
Joachim Fasting 2017-02-05 04:42:16 +01:00
parent f9c684e152
commit a0338afe5f
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/networking/cjdns.nix
View File

@ -260,7 +260,7 @@ in
RestartSec = 1; RestartSec = 1;
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW"; CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW"; AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW";
ProtectSystem = "full"; ProtectSystem = true;
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
ProtectHome = true; ProtectHome = true;
PrivateTmp = true; PrivateTmp = true;