mirror of
https://github.com/foo-dogsquared/nixos-config.git
synced 2025-02-24 12:19:00 +00:00
services/wezterm-mux-server: update hardening settings
This commit is contained in:
parent
eef1ff0b32
commit
f34d793bb6
@ -46,9 +46,17 @@ in
|
||||
RestrictRealtime = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectProc = "invisible";
|
||||
ProcSubset = "pid";
|
||||
|
||||
RuntimeDirectory = "wezterm";
|
||||
CacheDirectory = "wezterm";
|
||||
StateDirectory = "wezterm";
|
||||
|
||||
# Filtering system calls.
|
||||
SystemCallFilter = [
|
||||
|
Loading…
Reference in New Issue
Block a user