mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00

Merge staging-next into staging

github-actions[bot] 2021-06-24 00:06:31 +00:00 committed by GitHub
commit 1f528e6ac6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 330 additions and 165 deletions


@ -104,6 +104,7 @@ in
ExecStart = "${pkgs.babeld}/bin/babeld -c ${configFile} -I /run/babeld/babeld.pid -S /var/lib/babeld/state";
AmbientCapabilities = [ "CAP_NET_ADMIN" ];
CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];
DevicePolicy = "closed";
DynamicUser = true;
IPAddressAllow = [ "fe80::/64" "ff00::/8" "::1/128" "127.0.0.0/8" ];
IPAddressDeny = "any";
@ -123,12 +124,17 @@ in
RemoveIPC = true;
ProtectHome = true;
ProtectHostname = true;
ProtectProc = "invisible";
PrivateMounts = true;
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = false; # kernel_route(ADD): Operation not permitted
ProcSubset = "pid";
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" ];
SystemCallFilter = [
"@system-service"
"~@privileged @resources"
];
UMask = "0177";
RuntimeDirectory = "babeld";
StateDirectory = "babeld";
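Review bot: `ProcSubset = "pid"` in the second hunk (it appears to be one of the added lines; the +/- markers are lost on this page) hides everything in /proc that is not per-process, including /proc/sys, and nothing visible here shows that the daemon can run without it. babeld normally reads and adjusts forwarding and rp_filter tunables under /proc/sys at startup unless kernel setup is skipped, so this is presumably safe only if the generated config disables that and the sysctls are set elsewhere. A comment in the style of the one on `PrivateUsers` would record the dependency, e.g. `ProcSubset = "pid"; # no /proc/sys access: kernel setup must stay disabled in the babeld config`. Separately, the deny group `"~@privileged @resources"` comes without a `SystemCallErrorNumber`, so a filtered call kills the daemon rather than returning an errno; adding `SystemCallErrorNumber = "EPERM";` would make a filter regression easier to diagnose. The enclosing service definition starts and ends outside the hunk.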