alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Pull requests Activity

Merge pull request from ShaRose/patch-1

Browse source 
nixos/dnsdist: Add CAP_NET_BIND_SERVICE to AmbientCapabilities
This commit is contained in:
Silvan Mosberger 2019-11-09 00:07:09 +01:00 committed by GitHub
commit 3022fde292
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions

5
nixos/modules/services/networking/dnsdist.nix
View file

@ -46,11 +46,10 @@ in {
RestartSec="1";
DynamicUser = true;
StartLimitInterval="0";
PrivateTmp=true;
PrivateDevices=true;
CapabilityBoundingSet="CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID";
AmbientCapabilities="CAP_NET_BIND_SERVICE";
CapabilityBoundingSet="CAP_NET_BIND_SERVICE";
ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}";
ProtectSystem="full";
ProtectHome=true;
RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
LimitNOFILE="16384";