movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-11 20:25:32 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/anubis: Apply some more hardening settings (#410041)

Browse source
This commit is contained in:
Aleksana 2025-05-26 17:42:25 +08:00 committed by GitHub
commit 05ea790f13
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nixos/modules/services/networking/anubis.nix
View file

@ -299,7 +299,8 @@ in
];
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
AmbientCapabilities = "";
PrivateMounts = true;
PrivateUsers = true;
PrivateTmp = true;
PrivateDevices = true;
@ -313,6 +314,7 @@ in
ProtectSystem = "strict";
ProtectControlGroups = "strict";
LockPersonality = true;
RemoveIPC = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictNamespaces = true;