JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #148458 from lunik1/snapraid-fix

Browse Source 
nixos/snapraid: relax permissions of snapraid-sync
This commit is contained in:
Jörg Thalheim 2021-12-03 17:59:37 +00:00 committed by GitHub
commit 4f08634a18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/tasks/snapraid.nix
View File

@ -193,7 +193,6 @@ in
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
@ -208,7 +207,8 @@ in
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
SystemCallErrorNumber = "EPERM";
CapabilityBoundingSet = "CAP_DAC_OVERRIDE";
CapabilityBoundingSet = "CAP_DAC_OVERRIDE" ++
lib.optionalString cfg.touchBeforeSync " CAP_FOWNER";
ProtectSystem = "strict";
ProtectHome = "read-only";