movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-09 19:13:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/readeck: add back MemoryDenyWriteExecute

Browse source 
SQLite driver is reverted to its CGO version so this can be enabled
This commit is contained in:
linsui 2025-06-05 03:47:00 +08:00
parent 49860b21df
commit 17f95268f3
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
nixos/modules/services/web-apps/readeck.nix
View file

@ -69,6 +69,7 @@ in
ExecStart = "${lib.getExe cfg.package} serve -config ${configFile}";
ProtectSystem = "full";
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateTmp = true;
PrivateDevices = true;