greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove redundant hardening options

Browse Source 
These are already defined in nix-bitcoin-services.defaultHardening.
This commit is contained in:
Erik Arvstedt 2020-04-07 23:04:59 +02:00
parent 47fd6cd0f3
commit 4e92b1c818
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
1 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/bitcoind.nix
View File

@ -282,13 +282,6 @@ in {
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'"; ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
Restart = "on-failure"; Restart = "on-failure";
# Hardening measures
PrivateTmp = "true";
ProtectSystem = "full";
NoNewPrivileges = "true";
PrivateDevices = "true";
MemoryDenyWriteExecute = "true";
# Permission for preStart # Permission for preStart
PermissionsStartOnly = "true"; PermissionsStartOnly = "true";
} // nix-bitcoin-services.defaultHardening } // nix-bitcoin-services.defaultHardening