public
/
objectifier
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove some protections

This commit is contained in:
niten 2023-01-22 15:37:01 -08:00
parent 48cac03ec9
commit 2446c2bd4b
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
objectifier-module.nix
View File

@ -67,13 +67,13 @@ in {
serviceConfig = { serviceConfig = {
PrivateUsers = true; PrivateUsers = true;
PrivateDevices = true; PrivateDevices = true;
PrivateTmp = true; # PrivateTmp = true;
PrivateMounts = true; # PrivateMounts = true;
ProtectControlGroups = true; # ProtectControlGroups = true;
ProtectKernelTunables = true; ProtectKernelTunables = true;
ProtectKernelModules = true; ProtectKernelModules = true;
ProtectSystem = true; # ProtectSystem = true;
ProtectHostname = true; # ProtectHostname = true;
ProtectHome = true; ProtectHome = true;
ProtectClock = true; ProtectClock = true;
ProtectKernelLogs = true; ProtectKernelLogs = true;
@ -90,7 +90,6 @@ in {
RestartSec = "5s"; RestartSec = "5s";
Type = "simple"; Type = "simple";
PIDFile = "/run/objectifier.pid"; PIDFile = "/run/objectifier.pid";
ReadWritePaths = [ "/run" ];
ExecStart = let ExecStart = let
bindClause = concatStringsSep " " bindClause = concatStringsSep " "
(map (addr: "--bind ${addr}:${toString cfg.port}") (map (addr: "--bind ${addr}:${toString cfg.port}")