MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-17 15:22:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #122452 from ju1m/tor

Browse source
This commit is contained in:
Sandro 2021-11-09 21:50:57 +01:00 committed by GitHub
commit e5ac2e1a52
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/services/security/tor.nix
View file

@ -1012,6 +1012,7 @@ in
# Tor cannot currently bind privileged port when PrivateUsers=true,
# see https://gitlab.torproject.org/legacy/trac/-/issues/20930
PrivateUsers = !bindsPrivilegedPort;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
@ -1019,6 +1020,7 @@ in
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];