greg
/
nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Restrict namespaces for systemd services by default

This commit is contained in:
Jonas Nick 2019-04-28 13:11:27 +00:00
parent eaaf8e9aab
commit 6f8dac6e07
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
modules/nix-bitcoin-services.nix
View File

@ -14,6 +14,7 @@ let
ProtectKernelModules = "true";
ProtectControlGroups = "true";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
RestrictNamespaces = "true";
LockPersonality = "true";
IPAddressDeny = "any";
};