aiolabs/nix-bitcoin
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Restrict namespaces for systemd services by default

Browse source
This commit is contained in:
Jonas Nick 2019-04-28 13:11:27 +00:00
parent eaaf8e9aab
commit 6f8dac6e07
No known key found for this signature in database
GPG key ID: 4861DBF262123605
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/nix-bitcoin-services.nix
View file

@ -14,6 +14,7 @@ let
ProtectKernelModules = "true"; ProtectKernelModules = "true";
ProtectControlGroups = "true"; ProtectControlGroups = "true";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
RestrictNamespaces = "true";
LockPersonality = "true"; LockPersonality = "true";
IPAddressDeny = "any"; IPAddressDeny = "any";
}; };