authorFlorian Klink <flokli@flokli.de>2019-11-21 23:31:19 +0100
committerFlorian Klink <flokli@flokli.de>2019-11-21 23:31:19 +0100
commit4321a88f44e8e7fd9ac39a4b53463c8588eed1c3 (patch)
tree6969f7e46bc7ab5f1dffe521d7d1915dae364569 /nixos/modules/services/web-servers/phpfpm/default.nix
parent758efb93480ed94d718c824a4472a3f5cae551c9 (diff)
nixos/phpfpm: enable PrivateTmp=true
This seems to be mostly a pre-#57677 relic. As postgresql sockets are
no longer in /tmp, isolate /tmp.
Diffstat (limited to 'nixos/modules/services/web-servers/phpfpm/default.nix')
-rw-r--r--nixos/modules/services/web-servers/phpfpm/default.nix1
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/phpfpm/default.nix b/nixos/modules/services/web-servers/phpfpm/default.nix
index 095de64dfb1..7698f8c3a26 100644
--- a/nixos/modules/services/web-servers/phpfpm/default.nix
+++ b/nixos/modules/services/web-servers/phpfpm/default.nix
@@ -262,6 +262,7 @@ in {
         in {
           Slice = "phpfpm.slice";
           PrivateDevices = true;
+          PrivateTmp = true;
           ProtectSystem = "full";
           ProtectHome = true;
           # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work
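Review bot: The added `PrivateTmp = true;` has no comment and applies unconditionally to whatever units this attribute set configures, so anything that PHP code shares with another service through /tmp or /var/tmp (an upload spool read by the web server, or a Unix socket still placed in /tmp) will silently become invisible to one side. The commit message covers only the postgresql socket case; I would record the constraint next to the setting, e.g. `# Private /tmp and /var/tmp: paths shared with other services must live elsewhere (e.g. under /run).` systemd also removes the private directories when the unit stops, so if any pool keeps session files under /tmp they would presumably be lost on restart, which seems worth a release-notes line. The enclosing attribute set starts and ends outside the hunk, so I cannot tell from here whether the value is set in a way users can override without `mkForce`.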