ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-21 20:49:52 +03:00
Code Issues Projects Releases Wiki Activity

nixos/rust-motd: fix systemd service checks

Browse Source 
By completely locking down RestrictAddressFamilies, the service
was unable to talk to systemd to check .service statuses.
This commit is contained in:
Jakub Okoński 2022-09-18 23:17:50 +02:00 committed by GitHub
parent 165abe7d73
commit 1655d5ab7a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/programs/rust-motd.nix
View File

@ -69,7 +69,7 @@ in {
ProtectKernelTunables = true;
ProtectSystem = "full";
StateDirectory = "rust-motd";
RestrictAddressFamilies = "none";
RestrictAddressFamilies = [ "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;