faukah/nichts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

owncloud/module.nix: unharden

Browse source
This commit is contained in:
Charlie Root 2025-04-16 22:34:25 +02:00 committed by Bloxx12
commit 1c662fcce6
1 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

24
modules/services/owncloud/module.nix
View file

@ -30,19 +30,19 @@ in {
# User = "cr"; # User = "cr";
# Group = "cr"; # Group = "cr";
Keyringmode = "shared"; # Keyringmode = "shared";
DevicePolicy = "closed"; # DevicePolicy = "closed";
PrivateDevices = true; # PrivateDevices = true;
PrivateTmp = true; # PrivateTmp = true;
ProtectClock = true; # ProtectClock = true;
ProtectControlGroups = true; # ProtectControlGroups = true;
ProtectControlGroup = true; # ProtectControlGroup = true;
ProtectKernelLogs = true; # ProtectKernelLogs = true;
ProtectKernelModules = true; # ProtectKernelModules = true;
ProtectKernelTunables = true; # ProtectKernelTunables = true;
ProtectSystem = "strict"; # ProtectSystem = "strict";
SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged"; # SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged";
}; };
}; };
}; };