foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-01-31 10:58:02 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

hosts/plover: reduce service capability

Browse Source
This commit is contained in:
Gabriel Arazas 2023-09-20 11:04:45 +08:00
parent fbce914870
commit eed4160b85
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/plover/modules/services/bind.nix
View File

@ -220,11 +220,11 @@ in
# Granting and restricting its capabilities. Take note we're not using # Granting and restricting its capabilities. Take note we're not using
# syslog for this even if the application can so no syslog capability. # syslog for this even if the application can so no syslog capability.
# Additionally, we're using omitting the program's ability to chroot and
# chown since the user and the directories are already configured.
CapabilityBoundingSet = [ CapabilityBoundingSet = [
"CAP_NET_BIND_SERVICE" "CAP_NET_BIND_SERVICE"
"CAP_NET_RAW" "CAP_NET_RAW"
"CAP_CHOWN"
"CAP_SYS_CHROOT"
]; ];
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];