mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-23 05:37:27 +03:00
nixos/pppd: allow AF_NETLINK
The pppd daemon starting with version 2.4.9 uses rtnetlink to configure the ipv6 peer address on the ppp interface. It therefore requires allowing AF_NETLINK sockets.
This commit is contained in:
parent
8abcc6ba09
commit
ee26807e35
@ -111,7 +111,17 @@ in
|
|||||||
ProtectKernelTunables = false;
|
ProtectKernelTunables = false;
|
||||||
ProtectSystem = "strict";
|
ProtectSystem = "strict";
|
||||||
RemoveIPC = true;
|
RemoveIPC = true;
|
||||||
RestrictAddressFamilies = "AF_PACKET AF_UNIX AF_PPPOX AF_ATMPVC AF_ATMSVC AF_INET AF_INET6 AF_IPX";
|
RestrictAddressFamilies = [
|
||||||
|
"AF_ATMPVC"
|
||||||
|
"AF_ATMSVC"
|
||||||
|
"AF_INET"
|
||||||
|
"AF_INET6"
|
||||||
|
"AF_IPX"
|
||||||
|
"AF_NETLINK"
|
||||||
|
"AF_PACKET"
|
||||||
|
"AF_PPPOX"
|
||||||
|
"AF_UNIX"
|
||||||
|
];
|
||||||
RestrictNamespaces = true;
|
RestrictNamespaces = true;
|
||||||
RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
RestrictSUIDSGID = true;
|
RestrictSUIDSGID = true;
|
||||||
|
Loading…
Reference in New Issue
Block a user