remove redundant hardening options
These are already defined in nix-bitcoin-services.defaultHardening.
This commit is contained in:
parent
47fd6cd0f3
commit
4e92b1c818
@ -282,13 +282,6 @@ in {
|
||||
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
|
||||
Restart = "on-failure";
|
||||
|
||||
# Hardening measures
|
||||
PrivateTmp = "true";
|
||||
ProtectSystem = "full";
|
||||
NoNewPrivileges = "true";
|
||||
PrivateDevices = "true";
|
||||
MemoryDenyWriteExecute = "true";
|
||||
|
||||
# Permission for preStart
|
||||
PermissionsStartOnly = "true";
|
||||
} // nix-bitcoin-services.defaultHardening
|
||||
|
Loading…
Reference in New Issue
Block a user