diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2017-09-10 01:10:29 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-09-22 23:53:06 +0200 |
| commit | 15a4f9d8efd4418bc748b57aa7df377b1c024974 (patch) | |
| tree | 7c686723b145ededf6e294f7043ffc5702574bc5 | |
| parent | 84bd2f4ab04b8b53718db6b5ba208a62ae083941 (diff) | |
| download | nixpkgs-15a4f9d8efd4418bc748b57aa7df377b1c024974.tar nixpkgs-15a4f9d8efd4418bc748b57aa7df377b1c024974.tar.gz nixpkgs-15a4f9d8efd4418bc748b57aa7df377b1c024974.tar.bz2 nixpkgs-15a4f9d8efd4418bc748b57aa7df377b1c024974.tar.lz nixpkgs-15a4f9d8efd4418bc748b57aa7df377b1c024974.tar.xz nixpkgs-15a4f9d8efd4418bc748b57aa7df377b1c024974.tar.zst nixpkgs-15a4f9d8efd4418bc748b57aa7df377b1c024974.zip | |
nixos/hardened: simplify script
| -rw-r--r-- | nixos/modules/security/lock-kernel-modules.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/security/lock-kernel-modules.nix b/nixos/modules/security/lock-kernel-modules.nix index 260ec3fc946..30fdb1e2bab 100644 --- a/nixos/modules/security/lock-kernel-modules.nix +++ b/nixos/modules/security/lock-kernel-modules.nix @@ -21,15 +21,15 @@ with lib; description = "Disable kernel module loading"; wantedBy = [ config.systemd.defaultUnit ]; - after = [ "systemd-udev-settle.service" "firewall.service" "systemd-modules-load.service" ] ++ wantedBy; - script = "echo -n 1 > /proc/sys/kernel/modules_disabled"; + after = [ "systemd-udev-settle.service" "firewall.service" "systemd-modules-load.service" ] ++ wantedBy; unitConfig.ConditionPathIsReadWrite = "/proc/sys/kernel"; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; + ExecStart = "/bin/sh -c 'echo -n 1 >/proc/sys/kernel/modules_disabled'"; }; }; }; |