diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-05-02 07:30:44 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-05-02 11:28:24 +0200 |
commit | 60a27781d6d358e0c5cd144c7c90642761c1a31f (patch) | |
tree | 6ec93e899a7a857300ec8c08d9f14e8502bb91e6 /nixos/modules/security/grsecurity.nix | |
parent | 39db90eaf60999db2ffd13668b4619a2d57f76ad (diff) | |
download | nixlib-60a27781d6d358e0c5cd144c7c90642761c1a31f.tar nixlib-60a27781d6d358e0c5cd144c7c90642761c1a31f.tar.gz nixlib-60a27781d6d358e0c5cd144c7c90642761c1a31f.tar.bz2 nixlib-60a27781d6d358e0c5cd144c7c90642761c1a31f.tar.lz nixlib-60a27781d6d358e0c5cd144c7c90642761c1a31f.tar.xz nixlib-60a27781d6d358e0c5cd144c7c90642761c1a31f.tar.zst nixlib-60a27781d6d358e0c5cd144c7c90642761c1a31f.zip |
grsecurity module: fix grsec-lock unit ordering
Requirement without ordering implies parallel execution; it is crucial that sysctl tunables are finalized before the lock is engaged, however.
Diffstat (limited to 'nixos/modules/security/grsecurity.nix')
-rw-r--r-- | nixos/modules/security/grsecurity.nix | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix index 236206026c3f..11668162808f 100644 --- a/nixos/modules/security/grsecurity.nix +++ b/nixos/modules/security/grsecurity.nix @@ -234,7 +234,8 @@ in systemd.services.grsec-lock = mkIf cfg.config.sysctl { description = "grsecurity sysctl-lock Service"; - requires = [ "systemd-sysctl.service" ]; + wants = [ "systemd-sysctl.service" ]; + after = [ "systemd-sysctl.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = "yes"; |