Merge pull request #161818 from Luflosi/fix-tor-read-resolv.conf

Sandro 2022-03-15 19:23:13 +01:00 committed by GitHub
commit 0b88ca814f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1008,7 +1008,11 @@ in
#InaccessiblePaths = [ "-+${runDir}/root" ];
UMask = "0066";
BindPaths = [ stateDir ];
BindReadOnlyPaths = [ storeDir "/etc" ];
BindReadOnlyPaths = [ storeDir "/etc" ] ++
optionals config.services.resolved.enable [
"/run/systemd/resolve/stub-resolv.conf"
"/run/systemd/resolve/resolv.conf"
];
AmbientCapabilities = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = [""] ++ lib.optional bindsPrivilegedPort "CAP_NET_BIND_SERVICE";
# ProtectClock= adds DeviceAllow=char-rtc r
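Review bot: The two resolved paths appended to `BindReadOnlyPaths` are bound as single files without the `-` prefix, so if either file is missing when the unit starts, the mount-namespace setup fails and tor does not come up. Ordering against systemd-resolved is not visible in this hunk. Writing them as `"-/run/systemd/resolve/stub-resolv.conf"` and `"-/run/systemd/resolve/resolv.conf"` would make the binds optional. A single-file bind also pins the inode that exists at start, so if resolved later replaces the file by rename, the sandboxed process would presumably keep reading the old resolver list; this is worth confirming before relying on it. A one-line comment above the list would record the intent, e.g. `# with resolved, /etc/resolv.conf presumably points into /run/systemd/resolve, which is not otherwise visible in the sandbox`. The surrounding attribute set starts and ends outside the hunk.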