nixos/modules/services/web-apps/echoip.nix +13 −6 @@ -75,9 +75,12 @@ in ); # Hardening AmbientCapabilities = ""; CapabilityBoundingSet = [ "" ]; DeviceAllow = [ "" ]; DevicePolicy = "closed"; LockPersonality = true; MemoryDenyWriteExecute = true; NoNewPrivileges = true; PrivateDevices = true; PrivateTmp = true; PrivateUsers = true; @@ -91,15 +94,19 @@ in ProtectKernelTunables = true; ProtectProc = "invisible"; ProtectSystem = "strict"; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET AF_INET6 AF_UNIX" ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" "setrlimit" ]; UMask = "0077"; }; }; nixos/tests/all-tests.nix +1 −1 @@ -353,7 +353,7 @@ in { early-mount-options = handleTest ./early-mount-options.nix {}; ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {}; ec2-nixops = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-nixops or {}; echoip = handleTest ./echoip.nix {}; echoip = runTest ./echoip.nix; ecryptfs = handleTest ./ecryptfs.nix {}; fscrypt = handleTest ./fscrypt.nix {}; fastnetmon-advanced = runTest ./fastnetmon-advanced.nix; nixos/tests/echoip.nix +23 −24 import ./make-test-python.nix ( { lib, ... }: { name = "echoip"; meta.maintainers = with lib.maintainers; [ defelo ]; @@ -26,4 +26,3 @@ import ./make-test-python.nix ( assert resp.strip() == "::1" ''; } )
nixos/modules/services/web-apps/echoip.nix +13 −6 @@ -75,9 +75,12 @@ in ); # Hardening AmbientCapabilities = ""; CapabilityBoundingSet = [ "" ]; DeviceAllow = [ "" ]; DevicePolicy = "closed"; LockPersonality = true; MemoryDenyWriteExecute = true; NoNewPrivileges = true; PrivateDevices = true; PrivateTmp = true; PrivateUsers = true; @@ -91,15 +94,19 @@ in ProtectKernelTunables = true; ProtectProc = "invisible"; ProtectSystem = "strict"; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET AF_INET6 AF_UNIX" ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" "setrlimit" ]; UMask = "0077"; }; };
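Review bot: The `setrlimit` entry at the end of `SystemCallFilter` is an undocumented, order-dependent exception to the hardening. `setrlimit` belongs to systemd's `@resources` group, and systemd applies the entries in sequence, so the call stays permitted only because it is listed after `"~@resources"`; sorting or reordering the list would deny it again and likely break the service at start-up. I would put a comment above that element, for example `# setrlimit is in @resources; re-allowed here, must stay after "~@resources"`, and add the reason the daemon needs the call, which the page does not show. The +/- markers are lost in this rendering, so whether the list is added or context is inferred, and the attribute set opens outside the two hunks.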
nixos/tests/all-tests.nix +1 −1 @@ -353,7 +353,7 @@ in { early-mount-options = handleTest ./early-mount-options.nix {}; ec2-config = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-config or {}; ec2-nixops = (handleTestOn ["x86_64-linux"] ./ec2.nix {}).boot-ec2-nixops or {}; echoip = handleTest ./echoip.nix {}; echoip = runTest ./echoip.nix; ecryptfs = handleTest ./ecryptfs.nix {}; fscrypt = handleTest ./fscrypt.nix {}; fastnetmon-advanced = runTest ./fastnetmon-advanced.nix;
nixos/tests/echoip.nix +23 −24 import ./make-test-python.nix ( { lib, ... }: { name = "echoip"; meta.maintainers = with lib.maintainers; [ defelo ]; @@ -26,4 +26,3 @@ import ./make-test-python.nix ( assert resp.strip() == "::1" ''; } )