pyrox.dev
nixos/zigbee2mqtt: only add port to DeviceAllow if it is a device (#356573)
authored by Martin Weinelt and committed by GitHub f3a1d218 66d813d9
+1
-3
nixos/modules/services/home-automation/zigbee2mqtt.nix
+1
-3
nixos/modules/services/home-automation/zigbee2mqtt.nix
···
76
76
77
77
# Hardening
78
78
CapabilityBoundingSet = "";
79
-
DeviceAllow = [
80
-
config.services.zigbee2mqtt.settings.serial.port
81
-
];
79
+
DeviceAllow = lib.optionals (lib.hasPrefix "/" cfg.settings.serial.port) [ cfg.settings.serial.port ];
82
80
DevicePolicy = "closed";
83
81
LockPersonality = true;
84
82
MemoryDenyWriteExecute = false;