public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #61032 from dtzWill/feature/rngd-harden

Browse Source 
rngd: harden service config, settings from arch
This commit is contained in:
Renaud 2019-05-11 23:36:57 +02:00 committed by GitHub
commit e8d7f17c81
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/security/rngd.nix
View File

@ -42,6 +42,11 @@ in
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.rng-tools}/sbin/rngd -f" ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
+ optionalString cfg.debug " -d"; + optionalString cfg.debug " -d";
NoNewPrivileges = true;
PrivateNetwork = true;
PrivateTmp = true;
ProtectSystem = "full";
ProtectHome = true;
}; };
}; };
}; };