diff options
author | pennae <github@quasiparticle.net> | 2021-11-26 18:44:50 +0100 |
---|---|---|
committer | pennae <github@quasiparticle.net> | 2021-11-30 19:51:45 +0100 |
commit | 8072ee22f2c8bbe7c2120ab9bd605de4560cf905 (patch) | |
tree | 84d1477f4c1671af145fddd9999c4650f021548d /nixos | |
parent | 5269674a6de416c9acd1981e199c20cd5c20b627 (diff) | |
download | nixpkgs-8072ee22f2c8bbe7c2120ab9bd605de4560cf905.tar nixpkgs-8072ee22f2c8bbe7c2120ab9bd605de4560cf905.tar.gz nixpkgs-8072ee22f2c8bbe7c2120ab9bd605de4560cf905.tar.bz2 nixpkgs-8072ee22f2c8bbe7c2120ab9bd605de4560cf905.tar.lz nixpkgs-8072ee22f2c8bbe7c2120ab9bd605de4560cf905.tar.xz nixpkgs-8072ee22f2c8bbe7c2120ab9bd605de4560cf905.tar.zst nixpkgs-8072ee22f2c8bbe7c2120ab9bd605de4560cf905.zip |
dhcpcd, nixos/dhcpcd: enable privsep
dhdpcd 9 support privilege separation with a dedicated user and seccomp filtering. this has been enabled for a while in other distributions as well. if the dhcpcd module is not used and the _dhcpcd user/group isn't definied otherwise dhcpcd will fall back to not using privsep.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/dhcpcd.nix | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index 7d50c9477bd..0c69caa64bb 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -214,6 +214,12 @@ in }; }; + users.users._dhcpcd = { + isSystemUser = true; + group = "_dhcpcd"; + }; + users.groups._dhcpcd = {}; + environment.systemPackages = [ dhcpcd ]; environment.etc."dhcpcd.exit-hook".source = exitHook; |