mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-21 12:38:41 +03:00
Merge pull request #161818 from Luflosi/fix-tor-read-resolv.conf
commit
0b88ca814f
@ -1008,7 +1008,11 @@ in
|
|||||||
#InaccessiblePaths = [ "-+${runDir}/root" ];
|
#InaccessiblePaths = [ "-+${runDir}/root" ];
|
||||||
UMask = "0066";
|
UMask = "0066";
|
||||||
BindPaths = [ stateDir ];
|
BindPaths = [ stateDir ];
|
||||||
BindReadOnlyPaths = [ storeDir "/etc" ];
|
BindReadOnlyPaths = [ storeDir "/etc" ] ++
|
||||||
|
optionals config.services.resolved.enable [
|
||||||
|
"/run/systemd/resolve/stub-resolv.conf"
|
||||||
|
"/run/systemd/resolve/resolv.conf"
|
||||||
|
];
|
||||||
AmbientCapabilities = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
|
AmbientCapabilities = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
|
||||||
CapabilityBoundingSet = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
|
CapabilityBoundingSet = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
|
||||||
# ProtectClock= adds DeviceAllow=char-rtc r
|
# ProtectClock= adds DeviceAllow=char-rtc r
|
||||||
|
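Review bot: The two entries added to `BindReadOnlyPaths` carry no `-` prefix, so if either file under `/run/systemd/resolve/` is missing when systemd builds the unit's mount namespace, the service fails to start instead of skipping the bind. Whether this unit is ordered after systemd-resolved is not visible in the hunk, so either add that ordering or write the entries as `"-/run/systemd/resolve/stub-resolv.conf"` and `"-/run/systemd/resolve/resolv.conf"`. A short comment above the list would also help, for example `# /etc/resolv.conf points into /run/systemd/resolve when resolved is enabled, so expose the targets read-only`; that reason is inferred from the pull-request title and should be confirmed. The condition covers only `services.resolved.enable`, so other setups where `/etc/resolv.conf` resolves outside `/etc` would presumably still leave the file unreadable inside the sandbox. The enclosing attribute set starts and ends outside the hunk.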