movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-24 10:10:37 +03:00
Code Activity

Merge pull request #17822 from abbradar/systemd-mounts

Browse source 
nixos filesystems: unify special filesystems handling
This commit is contained in:
Nikolay Amiantov 2016-08-30 22:42:19 +04:00 committed by GitHub
commit 509733a343
7 changed files with 75 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

19
nixos/modules/security/hidepid.nix
View file

@ -20,23 +20,6 @@ with lib;
config = mkIf config.security.hideProcessInformation {
users.groups.proc.gid = config.ids.gids.proc;
systemd.services.hidepid = {
wantedBy = [ "local-fs.target" ];
after = [ "systemd-remount-fs.service" ];
before = [ "local-fs-pre.target" "local-fs.target" "shutdown.target" ];
wants = [ "local-fs-pre.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = ''${pkgs.utillinux}/bin/mount -o remount,hidepid=2,gid=${toString config.ids.gids.proc} /proc'';
ExecStop = ''${pkgs.utillinux}/bin/mount -o remount,hidepid=0,gid=0 /proc'';
};
unitConfig = {
DefaultDependencies = false;
Conflicts = "shutdown.target";
};
};
fileSystems."/proc".options = [ "hidepid=2" "gid=${toString config.ids.gids.proc}" ];
};
}