Commit 6e634ecb authored by Jakob Wenzel

nixos/nixseparatedebuginfod2: Relax too strict hardening

All debuginfo downloads were failing because downloading uses "nix
store --restore", which seems to need access to /proc. Blocking this
access via ProcSubset is even noted in systemd's documentation as
"not suitable for most non-trivial programs".
parent a82ccc39
+0 −1
@@ -87,7 +87,6 @@ in
        ProtectKernelLogs = true; # Prevent access to kernel logs
        ProtectClock = true; # Prevent setting the RTC
        ProtectProc = "noaccess";
        ProcSubset = "pid";

        # Networking
        RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
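
Review bot: with the one-line removal in this hunk (the header goes from 87,7 to 87,6 and the commit message names ProcSubset), nothing in the module records why that option is deliberately absent, so a later hardening pass could re-add it and break debuginfo downloads again. The neighbouring options carry trailing comments (`# Prevent access to kernel logs`, `# Prevent setting the RTC`); a comment next to `ProtectProc = "noaccess";` stating that `ProcSubset = "pid"` is intentionally not set because "nix store --restore" needs more of /proc would keep the reason in the code. The message says the command "seems to" need /proc; if the specific path is known, naming it in that comment would also help a reader judge whether `ProtectProc = "noaccess"` can stay as it is.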