diff options
| author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-07-21 16:38:51 +0200 |
|---|---|---|
| committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-07-21 16:38:51 +0200 |
| commit | ee26807e35e436cd0a29d32a58577a3c01f2e860 (patch) | |
| tree | fc7c5fd985b08f3c6f17a04be29564df58a72453 /nixos | |
| parent | 8abcc6ba09d0a8978f901fecf66fe8072de02ab9 (diff) | |
| download | nixpkgs-ee26807e35e436cd0a29d32a58577a3c01f2e860.tar nixpkgs-ee26807e35e436cd0a29d32a58577a3c01f2e860.tar.gz nixpkgs-ee26807e35e436cd0a29d32a58577a3c01f2e860.tar.bz2 nixpkgs-ee26807e35e436cd0a29d32a58577a3c01f2e860.tar.lz nixpkgs-ee26807e35e436cd0a29d32a58577a3c01f2e860.tar.xz nixpkgs-ee26807e35e436cd0a29d32a58577a3c01f2e860.tar.zst nixpkgs-ee26807e35e436cd0a29d32a58577a3c01f2e860.zip | |
nixos/pppd: allow AF_NETLINK
The pppd daemon starting with version 2.4.9 uses rtnetlink to configure the ipv6 peer address on the ppp interface. It therefore requires allowing AF_NETLINK sockets.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/networking/pppd.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/pppd.nix b/nixos/modules/services/networking/pppd.nix index 45c841dbea8..37f44f07ac4 100644 --- a/nixos/modules/services/networking/pppd.nix +++ b/nixos/modules/services/networking/pppd.nix @@ -111,7 +111,17 @@ in ProtectKernelTunables = false; ProtectSystem = "strict"; RemoveIPC = true; - RestrictAddressFamilies = "AF_PACKET AF_UNIX AF_PPPOX AF_ATMPVC AF_ATMSVC AF_INET AF_INET6 AF_IPX"; + RestrictAddressFamilies = [ + "AF_ATMPVC" + "AF_ATMSVC" + "AF_INET" + "AF_INET6" + "AF_IPX" + "AF_NETLINK" + "AF_PACKET" + "AF_PPPOX" + "AF_UNIX" + ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; |