author | Ryan Lahfa <masterancpp@gmail.com> | 2024-01-17 03:42:31 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-17 03:42:31 +0100 |
commit | bbd92ae0479d169c7917a92e482d598e6ea6091d (patch) | |
tree | baad97167d9b9aa40bd051423da2273e19c0bcda | |
parent | 44596db6077584d129fa5c5ed6ff2e06dbb828b0 (diff) | |
parent | 4c84c9c1c36cb0daa2eaa04b3f5c415fac1cac57 (diff) |
Merge pull request #280561 from RaitoBezarius/fix-listmonk-module
nixos/mail/listmonk: fix hardening directives
-rw-r--r-- | nixos/modules/services/mail/listmonk.nix | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/nixos/modules/services/mail/listmonk.nix b/nixos/modules/services/mail/listmonk.nix
index be2f9680ca5ac..945eb436c1f23 100644
--- a/nixos/modules/services/mail/listmonk.nix
+++ b/nixos/modules/services/mail/listmonk.nix
@@ -201,13 +201,12 @@ in {
 DynamicUser = true;
 NoNewPrivileges = true;
 CapabilityBoundingSet = "";
- SystemCallArchitecture = "native";
+ SystemCallArchitectures = "native";
 SystemCallFilter = [ "@system-service" "~@privileged" ];
- ProtectDevices = true;
+ PrivateDevices = true;
 ProtectControlGroups = true;
 ProtectKernelTunables = true;
 ProtectHome = true;
- DeviceAllow = false;
 RestrictNamespaces = true;
 RestrictRealtime = true;
 UMask = "0027";
|
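Review bot: Nothing in this hunk guards against a misspelled directive returning. The old `SystemCallArchitecture` and `ProtectDevices` keys were not valid systemd settings, so the unit presumably ran without those two restrictions until now, because systemd only warns about unknown keys and still starts the service. With `SystemCallArchitectures = "native"` and `PrivateDevices = true` now actually applied, it would help to run `systemd-analyze verify` or `systemd-analyze security` on the generated unit in the module's test, if one exists, so that an ignored key fails loudly. Dropping `DeviceAllow = false` looks right, since `PrivateDevices=` already implies `DevicePolicy=closed`; a short comment next to it would record why, for example `# PrivateDevices implies DevicePolicy=closed; no DeviceAllow list is needed`. The attribute set starts and ends outside the hunk, so other hardening keys may already be set there.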