Commit 17f95268 authored by linsui's avatar linsui
Browse files

nixos/readeck: add back MemoryDenyWriteExecute 

SQLite driver is reverted to its CGO version so this can be enabled
parent 49860b21

nixos/modules/services/web-apps/readeck.nix

+1 −0
Original line number Diff line number Diff line
@@ -69,6 +69,7 @@ in 
        ExecStart = "${lib.getExe cfg.package} serve -config ${configFile}";

        ProtectSystem = "full";

        SystemCallArchitectures = "native";

        MemoryDenyWriteExecute = true;

        NoNewPrivileges = true;

        PrivateTmp = true;

        PrivateDevices = true;