diff options
| author | Will Dietz <w@wdtz.org> | 2019-05-07 22:53:09 -0500 |
|---|---|---|
| committer | Will Dietz <w@wdtz.org> | 2019-05-07 22:53:09 -0500 |
| commit | e5d049e46978ccdcf114852d161be66224351724 (patch) | |
| tree | 4146cdf941355868c684d8d0dcc7ed72a62d0b31 | |
| parent | a2bdd63c4f6e7ddca774f2941251e44d42191fe7 (diff) | |
| download | nixpkgs-e5d049e46978ccdcf114852d161be66224351724.tar nixpkgs-e5d049e46978ccdcf114852d161be66224351724.tar.gz nixpkgs-e5d049e46978ccdcf114852d161be66224351724.tar.bz2 nixpkgs-e5d049e46978ccdcf114852d161be66224351724.tar.lz nixpkgs-e5d049e46978ccdcf114852d161be66224351724.tar.xz nixpkgs-e5d049e46978ccdcf114852d161be66224351724.tar.zst nixpkgs-e5d049e46978ccdcf114852d161be66224351724.zip | |
rngd: harden service config, from arch
| -rw-r--r-- | nixos/modules/security/rngd.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix index 60361d9960e..d9d6d9c9f25 100644 --- a/nixos/modules/security/rngd.nix +++ b/nixos/modules/security/rngd.nix @@ -42,6 +42,11 @@ in serviceConfig = { ExecStart = "${pkgs.rng-tools}/sbin/rngd -f" + optionalString cfg.debug " -d"; + NoNewPrivileges = true; + PrivateNetwork = true; + PrivateTmp = true; + ProtectSystem = "full"; + ProtectHome = true; }; }; }; |