diff options
| author | Renaud <c0bw3b@users.noreply.github.com> | 2019-05-11 23:36:57 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-05-11 23:36:57 +0200 |
| commit | e8d7f17c81c0af3571d40f4368a5858933f144e3 (patch) | |
| tree | 200882668ddb5741ee4e59b17d2113ebe060cb31 /nixos/modules | |
| parent | 1a262d01ba1b36bec4ae2f0fa72f7ba591a8e30c (diff) | |
| parent | e5d049e46978ccdcf114852d161be66224351724 (diff) | |
| download | nixlib-e8d7f17c81c0af3571d40f4368a5858933f144e3.tar nixlib-e8d7f17c81c0af3571d40f4368a5858933f144e3.tar.gz nixlib-e8d7f17c81c0af3571d40f4368a5858933f144e3.tar.bz2 nixlib-e8d7f17c81c0af3571d40f4368a5858933f144e3.tar.lz nixlib-e8d7f17c81c0af3571d40f4368a5858933f144e3.tar.xz nixlib-e8d7f17c81c0af3571d40f4368a5858933f144e3.tar.zst nixlib-e8d7f17c81c0af3571d40f4368a5858933f144e3.zip | |
Merge pull request #61032 from dtzWill/feature/rngd-harden
rngd: harden service config, settings from arch
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/security/rngd.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix index 60361d9960ed..d9d6d9c9f253 100644 --- a/nixos/modules/security/rngd.nix +++ b/nixos/modules/security/rngd.nix @@ -42,6 +42,11 @@ in serviceConfig = { ExecStart = "${pkgs.rng-tools}/sbin/rngd -f" + optionalString cfg.debug " -d"; + NoNewPrivileges = true; + PrivateNetwork = true; + PrivateTmp = true; + ProtectSystem = "full"; + ProtectHome = true; }; }; }; |