movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-11 12:15:34 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/anubis: Apply some more hardening settings

Browse source 
Signed-off-by: Felix Singer <felixsinger@posteo.net>
This commit is contained in:
Felix Singer 2025-05-23 07:10:15 +02:00
parent c9b1eb70c6
commit 959c8e9311
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nixos/modules/services/networking/anubis.nix
View file

@ -299,7 +299,8 @@ in
];
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
AmbientCapabilities = "";
PrivateMounts = true;
PrivateUsers = true;
PrivateTmp = true;
PrivateDevices = true;
@ -313,6 +314,7 @@ in
ProtectSystem = "strict";
ProtectControlGroups = "strict";
LockPersonality = true;
RemoveIPC = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictNamespaces = true;