pyrox.dev
Merge pull request #280561 from RaitoBezarius/fix-listmonk-module
nixos/mail/listmonk: fix hardening directives
authored by Ryan Lahfa and committed by GitHub bbd92ae0 44596db6
+2
-3
nixos/modules/services/mail/listmonk.nix
+2
-3
nixos/modules/services/mail/listmonk.nix
···
201
201
DynamicUser = true;
202
202
NoNewPrivileges = true;
203
203
CapabilityBoundingSet = "";
204
-
SystemCallArchitecture = "native";
204
+
SystemCallArchitectures = "native";
205
205
SystemCallFilter = [ "@system-service" "~@privileged" ];
206
-
ProtectDevices = true;
206
+
PrivateDevices = true;
207
207
ProtectControlGroups = true;
208
208
ProtectKernelTunables = true;
209
209
ProtectHome = true;
210
-
DeviceAllow = false;
211
210
RestrictNamespaces = true;
212
211
RestrictRealtime = true;
213
212
UMask = "0027";