diff options
| author | Aaron Andersen <aaron@fosslib.net> | 2021-03-03 07:19:35 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-03 07:19:35 -0500 |
| commit | 9798ed1a3d3400b39216cd31c64237e0aba99d81 (patch) | |
| tree | 96cf428868a5aaa82902ade20a102875c427901b /nixos/modules/services/web-servers | |
| parent | 09ed39bf5b7fd0a34f336253ec45be7596526c35 (diff) | |
| parent | 7d2829c0a004e9ee27115be0bc41c2e7787675cb (diff) | |
| download | nixpkgs-9798ed1a3d3400b39216cd31c64237e0aba99d81.tar nixpkgs-9798ed1a3d3400b39216cd31c64237e0aba99d81.tar.gz nixpkgs-9798ed1a3d3400b39216cd31c64237e0aba99d81.tar.bz2 nixpkgs-9798ed1a3d3400b39216cd31c64237e0aba99d81.tar.lz nixpkgs-9798ed1a3d3400b39216cd31c64237e0aba99d81.tar.xz nixpkgs-9798ed1a3d3400b39216cd31c64237e0aba99d81.tar.zst nixpkgs-9798ed1a3d3400b39216cd31c64237e0aba99d81.zip | |
Merge pull request #111011 from waldheinz/nginx-mem-write-exec
nixos/nginx: fix MemoryDenyWriteExecute not being disabled when needed
Diffstat (limited to 'nixos/modules/services/web-servers')
| -rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index fa8614e8ec1..f3175793ebe 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -804,7 +804,7 @@ in ProtectControlGroups = true; RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; LockPersonality = true; - MemoryDenyWriteExecute = !(builtins.any (mod: (mod.allowMemoryWriteExecute or false)) pkgs.nginx.modules); + MemoryDenyWriteExecute = !(builtins.any (mod: (mod.allowMemoryWriteExecute or false)) cfg.package.modules); RestrictRealtime = true; RestrictSUIDSGID = true; PrivateMounts = true; |