authorIzorkin <izorkin@elven.pw>2021-05-12 11:22:44 +0300
committerKerstin <kerstin@erictapen.name>2021-11-06 16:45:20 +0100
commit943f15d4b76e13c19ac08a298bc12f7b6f14b931 (patch)
treec19d9748e2681b3eba32a632046ad10a347217b7 /nixos/modules/services/web-apps/mastodon.nix
parente62c9ce9328dfea2ca48d84ec40680f18a53d100 (diff)
nixos/mastodon: add new sandboxing options
Diffstat (limited to 'nixos/modules/services/web-apps/mastodon.nix')
-rw-r--r--nixos/modules/services/web-apps/mastodon.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix
index 2458cb3b594..7c148ee76e4 100644
--- a/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixos/modules/services/web-apps/mastodon.nix
@@ -50,6 +50,9 @@ let
     # Logs directory and mode
     LogsDirectory = "mastodon";
     LogsDirectoryMode = "0750";
+    # Proc filesystem
+    ProcSubset = "pid";
+    ProtectProc = "invisible";
     # Access write directories
     UMask = "0027";
     # Capabilities
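Review bot: `ProtectProc = "invisible"` and `ProcSubset = "pid"` depend on kernel support for the hidepid/subset procfs mount options (Linux 5.8+) and on a systemd that knows these settings (247+); on older hosts systemd ignores unknown unit keys with a warning, so the hardening silently does not apply, and the commit does not record that minimum. `ProcSubset=pid` also hides everything under /proc except process directories (for example /proc/sys and /proc/cpuinfo), so anything the Ruby and Node processes read from there will fail — worth confirming before this becomes a default for all Mastodon units. I would extend the added comment to `# Proc filesystem (needs Linux >= 5.8 and systemd >= 247; ProcSubset=pid hides non-PID /proc entries)`. The enclosing `let` attribute set starts outside the hunk.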
@@ -74,6 +77,7 @@ let
     MemoryDenyWriteExecute = false;
     RestrictRealtime = true;
     RestrictSUIDSGID = true;
+    RemoveIPC = true;
     PrivateMounts = true;
     # System Call Filtering
     SystemCallArchitectures = "native";
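Review bot: `RemoveIPC = true` removes the System V and POSIX IPC objects owned by the unit's user/group when the unit stops, and this attribute set appears to be shared by several Mastodon units running as the same user, so the interaction between sibling units is the point to confirm (systemd reference-counts the user, so removal should happen when the last unit for that user stops, but verify on the target systemd). A one-line comment would save the next reader that check: `# Clean up SysV/POSIX IPC of the service user on stop (user is shared by the mastodon units)`. The enclosing `let` attribute set continues outside the hunk.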