chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-12 02:40:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

nixos/anubis: Apply some more hardening settings

Browse Source 
Signed-off-by: Felix Singer <felixsinger@posteo.net>
(cherry picked from commit 959c8e9311)
This commit is contained in:
Felix Singer
2025-05-23 07:10:15 +02:00
committed by github-actions[bot]
parent 862006049a
commit 7c832ecc1c
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/services/networking/anubis.nix
View File

@@ -299,7 +299,8 @@ in
];
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
AmbientCapabilities = "";
PrivateMounts = true;
PrivateUsers = true;
PrivateTmp = true;
PrivateDevices = true;
@@ -313,6 +314,7 @@ in
ProtectSystem = "strict";
ProtectControlGroups = "strict";
LockPersonality = true;
RemoveIPC = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictNamespaces = true;