summary refs log tree commit diff
path: root/nixos/modules/services/networking/dnsdist.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/networking/dnsdist.nix')
-rw-r--r--nixos/modules/services/networking/dnsdist.nix5
1 files changed, 2 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/dnsdist.nix b/nixos/modules/services/networking/dnsdist.nix
index 12eee136e63..8249da69bc1 100644
--- a/nixos/modules/services/networking/dnsdist.nix
+++ b/nixos/modules/services/networking/dnsdist.nix
@@ -46,11 +46,10 @@ in {
         RestartSec="1";
         DynamicUser = true;
         StartLimitInterval="0";
-        PrivateTmp=true;
         PrivateDevices=true;
-        CapabilityBoundingSet="CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID";
+        AmbientCapabilities="CAP_NET_BIND_SERVICE";
+        CapabilityBoundingSet="CAP_NET_BIND_SERVICE";
         ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}";
-        ProtectSystem="full";
         ProtectHome=true;
         RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
         LimitNOFILE="16384";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-10 02:45:18 +0000