owncloud/module.nix: unharden

2025-04-16 22:34:25 +02:00 · 2025-04-16 22:34:25 +02:00 · 1c662fcce6
commit 1c662fcce6
parent 288289d6ce
1 changed files with 12 additions and 12 deletions
--- a/modules/services/owncloud/module.nix
+++ b/modules/services/owncloud/module.nix
@ -30,19 +30,19 @@ in {
        # User = "cr";
        # Group = "cr";

-        Keyringmode = "shared";
-        DevicePolicy = "closed";
-        PrivateDevices = true;
-        PrivateTmp = true;
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectControlGroup = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
+        #   Keyringmode = "shared";
+        #   DevicePolicy = "closed";
+        #   PrivateDevices = true;
+        #   PrivateTmp = true;
+        #   ProtectClock = true;
+        #   ProtectControlGroups = true;
+        #   ProtectControlGroup = true;
+        #   ProtectKernelLogs = true;
+        #   ProtectKernelModules = true;
+        #   ProtectKernelTunables = true;

-        ProtectSystem = "strict";
-        SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged";
+        #   ProtectSystem = "strict";
+        #   SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged";
      };
    };
  };