b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #108238 from snicket2100/more-dnscrypt-proxy-hardening

Browse source 
nixos/dnscrypt-proxy2: more service hardening
This commit is contained in:
Guillaume Girol 2021-02-08 19:22:44 +00:00 committed by GitHub
parent 4239d3450c 2bab1a76c6
commit 2630a2df91
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
nixos/modules/services/networking/dnscrypt-proxy2.nix
View file

@ -87,6 +87,7 @@ in
NoNewPrivileges = true;
NonBlocking = true;
PrivateDevices = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
@ -107,8 +108,13 @@ in
SystemCallFilter = [
"@system-service"
"@chown"
"~@aio"
"~@keyring"
"~@memlock"
"~@resources"
"@privileged"
"~@setuid"
"~@sync"
"~@timer"
];
};
};