JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rngd: harden service config, from arch

Browse Source
This commit is contained in:
Will Dietz 2019-05-07 22:53:09 -05:00
parent a2bdd63c4f
commit e5d049e469
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/security/rngd.nix
View File

@ -42,6 +42,11 @@ in
serviceConfig = {
ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
+ optionalString cfg.debug " -d";
NoNewPrivileges = true;
PrivateNetwork = true;
PrivateTmp = true;
ProtectSystem = "full";
ProtectHome = true;
};
};
};