diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2017-02-05 04:42:16 +0100 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-02-05 04:54:18 +0100 |
commit | a0338afe5faa9f9e403e2caa52e4a8b60c272be9 (patch) | |
tree | 312b27fcfa1acde09cfb2333180adffd12889a33 /nixos/modules/services/networking/cjdns.nix | |
parent | f9c684e1528c6e595580f4c6cdb3d6f22ae6a2e4 (diff) | |
download | nixpkgs-a0338afe5faa9f9e403e2caa52e4a8b60c272be9.tar nixpkgs-a0338afe5faa9f9e403e2caa52e4a8b60c272be9.tar.gz nixpkgs-a0338afe5faa9f9e403e2caa52e4a8b60c272be9.tar.bz2 nixpkgs-a0338afe5faa9f9e403e2caa52e4a8b60c272be9.tar.lz nixpkgs-a0338afe5faa9f9e403e2caa52e4a8b60c272be9.tar.xz nixpkgs-a0338afe5faa9f9e403e2caa52e4a8b60c272be9.tar.zst nixpkgs-a0338afe5faa9f9e403e2caa52e4a8b60c272be9.zip |
cjdns service: allow writing keys to /etc
20e81f7c0d56e0b179115ca72a85b81ff637d909 prevented key generation in `preStart`, leaving the service broken for the case where the user has no pre-existing key. Eventually, we ought to store the state elsewhere so that `/etc` can be read-only but for now we fix this the easy way.
Diffstat (limited to 'nixos/modules/services/networking/cjdns.nix')
-rw-r--r-- | nixos/modules/services/networking/cjdns.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/cjdns.nix b/nixos/modules/services/networking/cjdns.nix index a10851c1652..d478e45f946 100644 --- a/nixos/modules/services/networking/cjdns.nix +++ b/nixos/modules/services/networking/cjdns.nix @@ -260,7 +260,7 @@ in RestartSec = 1; CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW"; AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW"; - ProtectSystem = "full"; + ProtectSystem = true; MemoryDenyWriteExecute = true; ProtectHome = true; PrivateTmp = true; |