public
/
objectifier
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Okay, now lock some stuff

This commit is contained in:
niten 2023-01-22 16:17:03 -08:00
parent f92c5ce3a3
commit cb5aaf3efc
1 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
objectifier-module.nix
View File

@ -65,21 +65,21 @@ in {
OBJECTIFIER_CLEANUP_DELAY = toString cfg.cleanup.delay; OBJECTIFIER_CLEANUP_DELAY = toString cfg.cleanup.delay;
}; };
serviceConfig = { serviceConfig = {
# PrivateUsers = true; PrivateUsers = true;
# PrivateDevices = true; PrivateDevices = true;
# PrivateTmp = true; PrivateTmp = true;
# PrivateMounts = true; PrivateMounts = true;
# ProtectControlGroups = true; ProtectControlGroups = true;
# ProtectKernelTunables = true; ProtectKernelTunables = true;
# ProtectKernelModules = true; ProtectKernelModules = true;
# ProtectSystem = true; ProtectSystem = true;
# ProtectHostname = true; ProtectHostname = true;
# ProtectHome = true; ProtectHome = true;
# ProtectClock = true; ProtectClock = true;
# ProtectKernelLogs = true; ProtectKernelLogs = true;
# DynamicUser = true; DynamicUser = true;
# MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
# RestrictRealtime = true; RestrictRealtime = true;
# LockPersonality = true; # LockPersonality = true;
# PermissionsStartOnly = true; # PermissionsStartOnly = true;
WorkingDirectory = "${pkgs.objectifier}"; WorkingDirectory = "${pkgs.objectifier}";