mirror/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-09-29 07:32:58 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #280561 from RaitoBezarius/fix-listmonk-module

Browse Source 
nixos/mail/listmonk: fix hardening directives
This commit is contained in:
Ryan Lahfa 2024-01-17 03:42:31 +01:00 committed by GitHub
commit bbd92ae047
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/services/mail/listmonk.nix
View File

@ -201,13 +201,12 @@ in {
DynamicUser = true;
NoNewPrivileges = true;
CapabilityBoundingSet = "";
SystemCallArchitecture = "native";
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" ];
ProtectDevices = true;
PrivateDevices = true;
ProtectControlGroups = true;
ProtectKernelTunables = true;
ProtectHome = true;
DeviceAllow = false;
RestrictNamespaces = true;
RestrictRealtime = true;
UMask = "0027";