author | Pierre Bourdon <delroth@gmail.com> | 2021-08-25 06:03:41 +0200 |
---|---|---|
committer | Pierre Bourdon <delroth@gmail.com> | 2021-08-25 06:03:41 +0200 |
commit | 6b70d3e911b55ecaec0cd9c034e1b3d786a0b772 (patch) | |
tree | 56036be47ca122dc25e7ac23195d6a53e9e4ec2b /nixos/modules/services/security/tor.nix | |
parent | fa41cccba6ad3843a7ad59d6e81185c25f4431dd (diff) | |
nixos/tor: allow AF_NETLINK address family
Tor attempts to detect what external IP address a machine is using by listing addresses on all network interfaces on the system. This listing is done using getifaddrs(3), which relies on netlink in order to get IPv6 address information. This change fixes Tor not finding the relay's IPv6 address unless explicitly configured via either an ORPort directive or via DNS resolution of the machine hostname.
Diffstat (limited to 'nixos/modules/services/security/tor.nix')
-rw-r--r-- | nixos/modules/services/security/tor.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 9e8f18e93c8..1e1f443905d 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -1022,7 +1022,7 @@ in ProtectKernelTunables = true; ProtectSystem = "strict"; RemoveIPC = true; - RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; |
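
Review bot: The added "AF_NETLINK" entry in the RestrictAddressFamilies line carries no inline comment, so the reason for widening the allowlist exists only in the commit message and a later hardening pass could drop the entry and bring back the IPv6 detection failure. Consider a short comment directly above the line, for example `# AF_NETLINK: getifaddrs(3) uses netlink to list IPv6 addresses`, so the rationale stays next to the setting it justifies.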