ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-11-17 14:19:58 +03:00
Code Issues Projects Releases Wiki Activity

nixos/unit: update sandboxing options

Browse Source
This commit is contained in:
Izorkin 2020-08-15 11:13:44 +03:00
parent d56514c76a
commit 26898b8518
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/services/web-servers/unit/default.nix
View File

@ -120,9 +120,12 @@ in {
ProtectHome = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = false;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
LockPersonality = true;