about summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
authorhappysalada <raphael@megzari.com>2023-11-20 20:49:53 +0100
committerYt <happysalada@tuta.io>2023-11-22 03:08:30 +0000
commiteb746540a970e1fd1c45c92c75dbc87ffb77f3a1 (patch)
tree82407cbfc64ddaefc432e539f16a1e05c33a8e07 /nixos
parentef6b8ff15a75d3c4ed8a3a104271ed5eab16686a (diff)
downloadnixlib-eb746540a970e1fd1c45c92c75dbc87ffb77f3a1.tar
nixlib-eb746540a970e1fd1c45c92c75dbc87ffb77f3a1.tar.gz
nixlib-eb746540a970e1fd1c45c92c75dbc87ffb77f3a1.tar.bz2
nixlib-eb746540a970e1fd1c45c92c75dbc87ffb77f3a1.tar.lz
nixlib-eb746540a970e1fd1c45c92c75dbc87ffb77f3a1.tar.xz
nixlib-eb746540a970e1fd1c45c92c75dbc87ffb77f3a1.tar.zst
nixlib-eb746540a970e1fd1c45c92c75dbc87ffb77f3a1.zip
nixos/clamav: run as clamav user not root
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/security/clamav.nix4


1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/modules/services/security/clamav.nix b/nixos/modules/services/security/clamav.nix
index fd0ca0323c23..a43435f2cdbb 100644
--- a/nixos/modules/services/security/clamav.nix
+++ b/nixos/modules/services/security/clamav.nix
@@ -110,6 +110,8 @@ in
       serviceConfig = {
         ExecStart = "${pkg}/bin/clamd";
         ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
+        User = clamavUser;
+        Group = clamavGroup;
         StateDirectory = "clamav";
         RuntimeDirectory = "clamav";
         PrivateTmp = "yes";
@@ -138,6 +140,8 @@ in
         SuccessExitStatus = "1"; # if databases are up to date
         StateDirectory = "clamav";
         RuntimeDirectory = "clamav";
+        User = clamavUser;
+        Group = clamavGroup;
         PrivateTmp = "yes";
         PrivateDevices = "yes";
       };

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-03 04:53:45 +0000