authorArtturin <Artturin@artturin.com>2021-09-23 05:51:58 +0300
committerArtturin <Artturin@artturin.com>2021-09-23 05:54:19 +0300
commit7001a46766ee32dffdfab5e52081350ada72fcac (patch)
tree29096a07aac7aa2a7b0f16f91cd3ba08091903ca /nixos/modules
parent25d3e6d01fcd8cbdbc1c5690a0930f5ecdd94078 (diff)
nixos/snapper: services.snapperd sync serviceConfig with upstream
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/services/misc/snapper.nix7
1 files changed, 7 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/snapper.nix b/nixos/modules/services/misc/snapper.nix
index 5c460660ed5..7ab5e147335 100644
--- a/nixos/modules/services/misc/snapper.nix
+++ b/nixos/modules/services/misc/snapper.nix
@@ -138,6 +138,13 @@ in
         Type = "dbus";
         BusName = "org.opensuse.Snapper";
         ExecStart = "${pkgs.snapper}/bin/snapperd";
+        CapabilityBoundingSet = "CAP_DAC_OVERRIDE CAP_FOWNER CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_SYS_ADMIN CAP_SYS_MODULE CAP_IPC_LOCK CAP_SYS_NICE";
+        LockPersonality = true;
+        NoNewPrivileges = false;
+        PrivateNetwork = true;
+        ProtectHostname = true;
+        RestrictAddressFamilies = "AF_UNIX";
+        RestrictRealtime = true;
       };
     };
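Review bot: The added `CapabilityBoundingSet` still keeps `CAP_SYS_ADMIN`, `CAP_SYS_MODULE` and `CAP_DAC_OVERRIDE`, and `NoNewPrivileges = false` is spelled out explicitly, yet nothing in the module says these values are copied from the upstream unit rather than chosen for NixOS. With that set, the effective confinement from this hunk is mostly the network isolation (`PrivateNetwork`, `RestrictAddressFamilies = "AF_UNIX"`); the daemon remains close to full root on the filesystem side. I would put a comment above the new lines, for example `# Mirrors upstream snapperd.service; capabilities and NoNewPrivileges = false are upstream's choices, re-check on snapper updates.` Whether `CAP_SYS_MODULE` is needed on NixOS is worth confirming against what snapperd actually does, since it is not evident from this file. The `serviceConfig` attribute set begins above the hunk, so any hardening options already set there are not visible here.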