author | Sandro <sandro.jaeckel@gmail.com> | 2021-11-09 21:50:57 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-09 21:50:57 +0100 |
commit | e5ac2e1a52bbc9b7aaedd7ffc0b059471f20107e (patch) | |
tree | a168368fcaf3b6ca928a2e053e38f9d4646477f1 /nixos/modules/services/security | |
parent | 33ffba995d853658fb4db5f63ffb8ddc454c666f (diff) | |
parent | cd1f6bc712e7f337a44ab5ee7fdb67745f850b9b (diff) | |
Merge pull request #122452 from ju1m/tor
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r-- | nixos/modules/services/security/tor.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
index c94b248d5f1..c3e3248ee8a 100644
--- a/nixos/modules/services/security/tor.nix
+++ b/nixos/modules/services/security/tor.nix
@@ -1012,6 +1012,7 @@ in
 # Tor cannot currently bind privileged port when PrivateUsers=true,
 # see https://gitlab.torproject.org/legacy/trac/-/issues/20930
 PrivateUsers = !bindsPrivilegedPort;
+ ProcSubset = "pid";
 ProtectClock = true;
 ProtectControlGroups = true;
 ProtectHome = true;
@@ -1019,6 +1020,7 @@ in
 ProtectKernelLogs = true;
 ProtectKernelModules = true;
 ProtectKernelTunables = true;
+ ProtectProc = "invisible";
 ProtectSystem = "strict";
 RemoveIPC = true;
 RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" "AF_NETLINK" ]; |
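Review bot: `ProcSubset = "pid";` in the first hunk is added without a comment, although it is the option of the two most likely to change behaviour: it mounts /proc with only the per-process entries, so non-process files such as /proc/meminfo and /proc/sys are hidden from the service. Whether tor, or any transport plugin it is configured to launch, reads such files cannot be seen from this hunk, so it is worth testing on a running relay and recording the outcome next to the option, for example `# Only per-PID entries of /proc are visible; non-process files (e.g. /proc/meminfo) are hidden from tor.`. `ProtectProc = "invisible";` in the second hunk only hides processes of other users and is the lower-risk half, but per the systemd documentation it has no effect on kernels without per-mount hidepid support, so it should be treated as best-effort hardening. The enclosing attribute set starts and ends outside both hunks.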