e4bd1e8f92
One of the module that already supports the systemd-confinement module is public-inbox. However with the changes to support DynamicUser and ProtectSystem, the module will now fail at runtime if confinement is enabled (it's optional and you'll need to override it via another module). The reason is that the RootDirectory is set to /var/empty in the public-inbox module, which doesn't work well with the InaccessiblePaths directive we now use to support DynamicUser/ProtectSystem. To make this issue more visible, I decided to just change the priority of the RootDirectory option definiton the default override priority so that whenever another different option is defined, we'll get a conflict at evaluation time. Signed-off-by: aszlig <aszlig@nix.build> |
||
---|---|---|
.. | ||
acme | ||
apparmor | ||
krb5 | ||
wrappers | ||
apparmor.nix | ||
audit.nix | ||
auditd.nix | ||
ca.nix | ||
chromium-suid-sandbox.nix | ||
dhparams.nix | ||
doas.nix | ||
duosec.nix | ||
google_oslogin.nix | ||
ipa.nix | ||
isolate.nix | ||
lock-kernel-modules.nix | ||
misc.nix | ||
oath.nix | ||
pam_mount.nix | ||
pam.nix | ||
please.nix | ||
polkit.nix | ||
rngd.nix | ||
rtkit.nix | ||
sudo-rs.nix | ||
sudo.nix | ||
systemd-confinement.nix | ||
tpm2.nix |