ghoscht/arion
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nixos-init.nix: Remove /tmp -o noexec

Browse source
This commit is contained in:
Robert Hensing 2019-03-11 14:38:07 +01:00
parent ac49df440f
commit c6374e0931
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/nix/modules/service/nixos-init.nix
View file

@ -29,9 +29,9 @@ in
"/sys/fs/cgroup:/sys/fs/cgroup:ro" "/sys/fs/cgroup:/sys/fs/cgroup:ro"
]; ];
service.tmpfs = [ service.tmpfs = [
"/tmp" "/tmp:exec,mode=777"
"/run" "/run" # noexec is fine because exes should be symlinked from elsewhere anyway
"/run/wrappers" "/run/wrappers" # noexec breaks this intentionally
]; ];
service.stop_signal = "SIGRTMIN+3"; service.stop_signal = "SIGRTMIN+3";
service.tty = true; service.tty = true;