Unverified Commit f3a1d218 authored by Martin Weinelt's avatar Martin Weinelt Committed by GitHub
Browse files

nixos/zigbee2mqtt: only add port to DeviceAllow if it is a device (#356573)

parents 66d813d9 577e1620

nixos/modules/services/home-automation/zigbee2mqtt.nix

+1 −3
Original line number Diff line number Diff line
@@ -76,9 +76,7 @@ in 


        # Hardening

        CapabilityBoundingSet = "";

        DeviceAllow = [

          config.services.zigbee2mqtt.settings.serial.port

        ];

        DeviceAllow = lib.optionals (lib.hasPrefix "/" cfg.settings.serial.port) [ cfg.settings.serial.port ];

        DevicePolicy = "closed";

        LockPersonality = true;

        MemoryDenyWriteExecute = false;