public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/hylafax: enable `ProtectKernelLogs` for most services 

Also document that `ProtectClock` blocks access to serial line.
I couldn't found out why this is the case,
but faxgetty complains about the device file
not being accessible with `ProtectClock=true`.
This commit is contained in:
Yarny0 2021-05-13 20:59:24 +02:00
parent 4415846d5c
commit c2af1ff281
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/networking/hylafax/systemd.nix
View File

@ -106,8 +106,10 @@ let
PrivateDevices = true; # breaks /dev/tty... PrivateDevices = true; # breaks /dev/tty...
PrivateNetwork = true; PrivateNetwork = true;
PrivateTmp = true; PrivateTmp = true;
#ProtectClock = true; # breaks /dev/tty... (why?)
ProtectControlGroups = true; ProtectControlGroups = true;
#ProtectHome = true; # breaks custom spool dirs #ProtectHome = true; # breaks custom spool dirs
ProtectKernelLogs = true;
ProtectKernelModules = true; ProtectKernelModules = true;
ProtectKernelTunables = true; ProtectKernelTunables = true;
#ProtectSystem = "strict"; # breaks custom spool dirs #ProtectSystem = "strict"; # breaks custom spool dirs