Admins will be upgrading ORNL GitLab Servers on Saturday, 16 May 2026, from 7 AM until 11 AM EST. Repositories will experience intermittent outages during this time.

Unverified Commit e1e7ee89 authored Dec 02, 2025 by Jonathan Davies

nixos/prometheus: Enable CapabilityBoundingSet hardening

parent 46ce9a46

nixos/modules/services/monitoring/prometheus/default.nix

+1 −0

Original line number	Diff line number	Diff line
		@@ -1980,6 +1980,7 @@ in
		StateDirectory = cfg.stateDir;
		StateDirectoryMode = "0700";
		# Hardening
		CapabilityBoundingSet = [ "" ];
		DeviceAllow = [ "/dev/null rw" ];
		DevicePolicy = "strict";
		LockPersonality = true;

Admin message