chn/nixpkgs
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixpkgs.git synced 2026-01-11 18:32:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

nixos/readeck: add back MemoryDenyWriteExecute

Browse Source 
SQLite driver is reverted to its CGO version so this can be enabled

(cherry picked from commit 17f95268f3)
This commit is contained in:
linsui
2025-06-05 03:47:00 +08:00
committed by github-actions[bot]
parent 0bc36c3d9a
commit d50977688f
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/modules/services/web-apps/readeck.nix
View File

@@ -68,6 +68,7 @@ in
ExecStart = "${lib.getExe cfg.package} serve -config ${configFile}";
ProtectSystem = "full";
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateTmp = true;
PrivateDevices = true;