about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--nixos/modules/services/networking/dnscrypt-proxy.nix4
1 files changed, 3 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix
index 636caf25a552..ad1559e21df7 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy.nix
+++ b/nixos/modules/services/networking/dnscrypt-proxy.nix
@@ -285,7 +285,9 @@ in
         PrivateTmp = true;
         PrivateDevices = true;
         ProtectHome = true;
-        ProtectSystem = true;
+        ProtectSystem = "strict";
+        ReadWritePaths = "${dirOf stateDirectory} ${stateDirectory}";
+        SystemCallFilter = "~@mount";
       };
     };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-05 01:17:49 +0000