noa/nixconf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

restrict access to address families

Browse source
This commit is contained in:
Noa Aarts 2025-03-14 10:18:13 +01:00
parent 69b61ba854
commit 34287c34d2
Signed by: noa
GPG key ID: 1850932741EFF672
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/nuos/configuration.nix
View file

@ -193,6 +193,8 @@ in
ProtectHostname = true; ProtectHostname = true;
PrivateTmp = true; PrivateTmp = true;
PrivateDevices = true; PrivateDevices = true;
PrivateUsers = true;
RestrictAddressFamilies = "AF_INET";
ProtectKernelTunables = true; ProtectKernelTunables = true;
RestrictNamespaces = true; RestrictNamespaces = true;
CapabilityBoundingSet = ""; CapabilityBoundingSet = "";