Merge pull request #122452 from ju1m/tor

authored by

Sandro and committed by
GitHub
e5ac2e1a 33ffba99

+2
+2
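--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -1012,6 +1012,7 @@
 # Tor cannot currently bind privileged port when PrivateUsers=true,
 # see https://gitlab.torproject.org/legacy/trac/-/issues/20930
 PrivateUsers = !bindsPrivilegedPort;
+ProcSubset = "pid";
 ProtectClock = true;
 ProtectControlGroups = true;
 ProtectHome = true;
@@ -1019,6 +1020,7 @@
 ProtectKernelLogs = true;
 ProtectKernelModules = true;
 ProtectKernelTunables = true;
+ProtectProc = "invisible";
 ProtectSystem = "strict";
 RemoveIPC = true;
 RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ];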
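Review bot: The added `ProcSubset = "pid";` and `ProtectProc = "invisible";` lines carry no comment, unlike the `PrivateUsers` line above them, which records why it is set the way it is. `ProcSubset = "pid"` removes every non-process entry from the unit's /proc (for example /proc/meminfo and /proc/sys), and as far as I know Tor reads /proc/meminfo to size its default queue memory limit and falls back to a built-in default when the read fails; that fallback should be confirmed against the packaged Tor version. Both settings need systemd 247 or newer and a kernel with per-mount hidepid support, and have no effect otherwise, so they should not be the only barrier assumed here. I would add `# Only per-process /proc entries are visible; Tor falls back to defaults when /proc/meminfo is unreadable` above `ProcSubset` and `# Hide other users' processes in /proc from the tor user` above `ProtectProc`. The enclosing attribute set starts and ends outside both hunks.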