Merge pull request #111011 from waldheinz/nginx-mem-write-exec

nixos/nginx: fix MemoryDenyWriteExecute not being disabled when needed
2021-03-03 07:19:35 -05:00 · 2021-03-03 07:19:35 -05:00 · 9798ed1a3d
parent 09ed39bf5b 7d2829c0a0
commit 9798ed1a3d
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@ -804,7 +804,7 @@ in
        ProtectControlGroups = true;
        RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
        LockPersonality = true;
-        MemoryDenyWriteExecute = !(builtins.any (mod: (mod.allowMemoryWriteExecute or false)) pkgs.nginx.modules);
+        MemoryDenyWriteExecute = !(builtins.any (mod: (mod.allowMemoryWriteExecute or false)) cfg.package.modules);
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        PrivateMounts = true;