b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/security/misc: use mkMerge for easier extension

Browse source
This commit is contained in:
Joachim Fasting 2018-11-24 18:37:46 +01:00
parent 2534dddaa9
commit 9db84f6fcd
No known key found for this signature in database
GPG key ID: 5C204DF675C90294
1 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
nixos/modules/security/misc.nix
View file

@ -24,16 +24,18 @@ with lib;
};
};
config = mkIf (!config.security.allowUserNamespaces) {
# Setting the number of allowed user namespaces to 0 effectively disables
# the feature at runtime. Note that root may raise the limit again
# at any time.
boot.kernel.sysctl."user.max_user_namespaces" = 0;
config = mkMerge [
(mkIf (!config.security.allowUserNamespaces) {
# Setting the number of allowed user namespaces to 0 effectively disables
# the feature at runtime. Note that root may raise the limit again
# at any time.
boot.kernel.sysctl."user.max_user_namespaces" = 0;
assertions = [
{ assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
}
];
};
assertions = [
{ assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
}
];
})
];
}