diff options
Diffstat (limited to 'nixos/modules/services/web-servers/nginx/default.nix')
-rw-r--r-- | nixos/modules/services/web-servers/nginx/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 16c56dc745f..75fe1df506b 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -724,7 +724,7 @@ in ProtectControlGroups = true; RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; LockPersonality = true; - MemoryDenyWriteExecute = mkDefault true; + MemoryDenyWriteExecute = !(builtins.any (mod: (mod.allowMemoryWriteExecute or false)) pkgs.nginx.modules); RestrictRealtime = true; RestrictSUIDSGID = true; PrivateMounts = true; |