Merge pull request #161818 from Luflosi/fix-tor-read-resolv.conf
This commit is contained in:
commit
0b88ca814f
@ -1008,7 +1008,11 @@ in
|
||||
#InaccessiblePaths = [ "-+${runDir}/root" ];
|
||||
UMask = "0066";
|
||||
BindPaths = [ stateDir ];
|
||||
BindReadOnlyPaths = [ storeDir "/etc" ];
|
||||
BindReadOnlyPaths = [ storeDir "/etc" ] ++
|
||||
optionals config.services.resolved.enable [
|
||||
"/run/systemd/resolve/stub-resolv.conf"
|
||||
"/run/systemd/resolve/resolv.conf"
|
||||
];
|
||||
AmbientCapabilities = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
|
||||
CapabilityBoundingSet = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
|
||||
# ProtectClock= adds DeviceAllow=char-rtc r
|
||||
|
Loading…
Reference in New Issue
Block a user