foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-24 18:19:01 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

services/wezterm-mux-server: update hardening settings

Browse Source
This commit is contained in:
Gabriel Arazas 2023-07-27 22:21:30 +08:00
parent eef1ff0b32
commit f34d793bb6
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/nixos/services/wezterm-mux-server.nix
View File

@ -46,9 +46,17 @@ in
RestrictRealtime = true; RestrictRealtime = true;
ProtectClock = true; ProtectClock = true;
ProtectKernelLogs = true; ProtectKernelLogs = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectHome = true;
ProtectHostname = true; ProtectHostname = true;
ProtectControlGroups = true; ProtectControlGroups = true;
ProtectProc = "invisible"; ProtectProc = "invisible";
ProcSubset = "pid";
RuntimeDirectory = "wezterm";
CacheDirectory = "wezterm";
StateDirectory = "wezterm";
# Filtering system calls. # Filtering system calls.
SystemCallFilter = [ SystemCallFilter = [