public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #6624 from joachifm/grsec-lock

Browse Source 
nixos: grsec-lock service fixes
This commit is contained in:
lethalman 2015-03-02 18:49:39 +01:00
commit c97d7819ab
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/security/grsecurity.nix
View File

@ -286,10 +286,11 @@ in
systemd.services.grsec-lock = mkIf cfg.config.sysctl { systemd.services.grsec-lock = mkIf cfg.config.sysctl {
description = "grsecurity sysctl-lock Service"; description = "grsecurity sysctl-lock Service";
requires = [ "sysctl.service" ]; requires = [ "systemd-sysctl.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = "yes"; serviceConfig.RemainAfterExit = "yes";
unitConfig.ConditionPathIsReadWrite = "/proc/sys/kernel/grsecurity/grsec_lock";
script = '' script = ''
locked=`cat /proc/sys/kernel/grsecurity/grsec_lock` locked=`cat /proc/sys/kernel/grsecurity/grsec_lock`
if [ "$locked" == "0" ]; then if [ "$locked" == "0" ]; then