nixos/pppd: allow AF_NETLINK

The pppd daemon starting with version 2.4.9 uses rtnetlink to configure
the IPv6 peer address on the ppp interface. It therefore requires
allowing AF_NETLINK sockets.
Martin Weinelt 2021-07-21 16:38:51 +02:00
parent 8abcc6ba09
commit ee26807e35
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759


@ -111,7 +111,17 @@ in
ProtectKernelTunables = false; ProtectKernelTunables = false;
ProtectSystem = "strict"; ProtectSystem = "strict";
RemoveIPC = true; RemoveIPC = true;
RestrictAddressFamilies = "AF_PACKET AF_UNIX AF_PPPOX AF_ATMPVC AF_ATMSVC AF_INET AF_INET6 AF_IPX"; RestrictAddressFamilies = [
"AF_ATMPVC"
"AF_ATMSVC"
"AF_INET"
"AF_INET6"
"AF_IPX"
"AF_NETLINK"
"AF_PACKET"
"AF_PPPOX"
"AF_UNIX"
];
RestrictNamespaces = true; RestrictNamespaces = true;
RestrictRealtime = true; RestrictRealtime = true;
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
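Review bot: The new `"AF_NETLINK"` entry carries no comment saying why it is allowed, so the reason lives only in the commit message; a line such as `# pppd >= 2.4.9 sets the IPv6 peer address via rtnetlink` above it would keep a later hardening pass from dropping it. RestrictAddressFamilies filters on the socket family only, so this entry permits every netlink protocol rather than just NETLINK_ROUTE. What bounds the daemon in practice is therefore its capability set and the other sandboxing options, most of which lie outside this hunk and should be checked alongside this change. The enclosing service configuration block starts and ends outside the hunk.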