Unverified Commit bf496bd1 authored by Florian Klink's avatar Florian Klink Committed by GitHub
Browse files

nixos/gerrit: Enable PrivateMounts hardening in service config (#448492)

parents 6add87b7 26d0023f

nixos/modules/services/web-apps/gerrit.nix

+1 −0
Original line number Diff line number Diff line
@@ -234,6 +234,7 @@ in 
        LockPersonality = true;

        NoNewPrivileges = true;

        PrivateDevices = true;

        PrivateMounts = true;

        PrivateTmp = true;

        ProtectClock = true;

        ProtectControlGroups = "strict";