diff options
Diffstat (limited to 'nixos/modules/services/security/tor.nix')
-rw-r--r-- | nixos/modules/services/security/tor.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix index 54c2c2dea23..b58412e2424 100644 --- a/nixos/modules/services/security/tor.nix +++ b/nixos/modules/services/security/tor.nix @@ -1007,6 +1007,7 @@ in # Tor cannot currently bind privileged port when PrivateUsers=true, # see https://gitlab.torproject.org/legacy/trac/-/issues/20930 PrivateUsers = !bindsPrivilegedPort; + ProcSubset = "pid"; ProtectClock = true; ProtectControlGroups = true; ProtectHome = true; @@ -1014,6 +1015,7 @@ in ProtectKernelLogs = true; ProtectKernelModules = true; ProtectKernelTunables = true; + ProtectProc = "invisible"; ProtectSystem = "strict"; RemoveIPC = true; RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; |