diff options
| author | Nick Cao <nickcao@nichi.co> | 2023-09-23 11:37:13 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-23 11:37:13 -0400 |
| commit | 1fe305df27313fb29dd322835a05932a7116efb2 (patch) | |
| tree | 1c4e9a6ad76762a434dc44a5a736b29f7e5970b4 /nixos | |
| parent | 4199b6014e8d8e211f49ba4ad9108b1358e8296e (diff) | |
| parent | 11d4f6e4a86e0c1493c57eccd4c2713648baa44f (diff) | |
| download | nixlib-1fe305df27313fb29dd322835a05932a7116efb2.tar nixlib-1fe305df27313fb29dd322835a05932a7116efb2.tar.gz nixlib-1fe305df27313fb29dd322835a05932a7116efb2.tar.bz2 nixlib-1fe305df27313fb29dd322835a05932a7116efb2.tar.lz nixlib-1fe305df27313fb29dd322835a05932a7116efb2.tar.xz nixlib-1fe305df27313fb29dd322835a05932a7116efb2.tar.zst nixlib-1fe305df27313fb29dd322835a05932a7116efb2.zip | |
Merge pull request #256906 from oddlama/fix-typesense-0.25.1
nixos/typesense: disable MemoryDenyWriteExecute which is needed since 0.25.1
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/search/typesense.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/search/typesense.nix b/nixos/modules/services/search/typesense.nix index 856c3cad22df..c158d04fea23 100644 --- a/nixos/modules/services/search/typesense.nix +++ b/nixos/modules/services/search/typesense.nix @@ -83,12 +83,12 @@ in { Group = "typesense"; StateDirectory = "typesense"; - StateDirectoryMode = "0700"; + StateDirectoryMode = "0750"; # Hardening CapabilityBoundingSet = ""; LockPersonality = true; - MemoryDenyWriteExecute = true; + # MemoryDenyWriteExecute = true; needed since 0.25.1 NoNewPrivileges = true; PrivateUsers = true; PrivateTmp = true; |