diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2016-12-05 12:25:31 +0100 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-12-05 13:21:31 +0100 |
| commit | ad88f1040e2556ba678afb33dac28387ddd3543a (patch) | |
| tree | 358e83072f57a06ccf7403fa59d7d49c624fd995 /nixos/modules/services/networking/privoxy.nix | |
| parent | 54cea02d907571e322a21a21f1e6ce0433520e10 (diff) | |
| download | nixpkgs-ad88f1040e2556ba678afb33dac28387ddd3543a.tar nixpkgs-ad88f1040e2556ba678afb33dac28387ddd3543a.tar.gz nixpkgs-ad88f1040e2556ba678afb33dac28387ddd3543a.tar.bz2 nixpkgs-ad88f1040e2556ba678afb33dac28387ddd3543a.tar.lz nixpkgs-ad88f1040e2556ba678afb33dac28387ddd3543a.tar.xz nixpkgs-ad88f1040e2556ba678afb33dac28387ddd3543a.tar.zst nixpkgs-ad88f1040e2556ba678afb33dac28387ddd3543a.zip | |
privoxy service: additional isolation
Diffstat (limited to 'nixos/modules/services/networking/privoxy.nix')
| -rw-r--r-- | nixos/modules/services/networking/privoxy.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix index 94beb78ef5a..e74fe44d76e 100644 --- a/nixos/modules/services/networking/privoxy.nix +++ b/nixos/modules/services/networking/privoxy.nix @@ -100,6 +100,11 @@ in after = [ "network.target" "nss-lookup.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = "${privoxy}/sbin/privoxy --no-daemon --user ${privoxyUser} ${confFile}"; + + serviceConfig.PrivateDevices = true; + serviceConfig.PrivateTmp = true; + serviceConfig.ProtectHome = true; + serviceConfig.ProtectSystem = "full"; }; }; |