jacobpascual/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restrict namespaces for systemd services by default

Browse Source
This commit is contained in:
Jonas Nick
2019-04-28 13:11:27 +00:00
parent eaaf8e9aab
commit 6f8dac6e07
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/nix-bitcoin-services.nix
View File

@@ -14,6 +14,7 @@ let
ProtectKernelModules = "true";
ProtectControlGroups = "true";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
RestrictNamespaces = "true";
LockPersonality = "true";
IPAddressDeny = "any";
};