apps/cunicu
1
0
Fork 0
mirror of https://codeberg.org/cunicu/cunicu.git synced 2025-09-27 13:12:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(systemd): add ReadWritePaths for /etc/hosts

Browse Source 
Signed-off-by: Adam Rizkalla <ajarizzo@gmail.com>
This commit is contained in:
Adam Rizkalla
2025-03-01 23:28:09 +00:00
committed by Steffen Vogel
parent e073af34ab
commit b798180358
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
etc/systemd/cunicu.service
View File

@@ -46,6 +46,7 @@ ProtectKernelLogs=yes
ProtectKernelTunables=yes ProtectKernelTunables=yes
ProtectProc=invisible ProtectProc=invisible
ProtectSystem=strict ProtectSystem=strict
ReadWritePaths=-/etc/hosts
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes RestrictNamespaces=yes
RestrictRealtime=yes RestrictRealtime=yes

3
nix/module.nix
View File

@@ -154,6 +154,9 @@ in
ProtectKernelTunables = true; ProtectKernelTunables = true;
ProtectProc = "invisible"; ProtectProc = "invisible";
ProtectSystem = "strict"; ProtectSystem = "strict";
ReadWritePaths = [
"-/etc/hosts"
];
RestrictAddressFamilies = [ RestrictAddressFamilies = [
"AF_UNIX" "AF_UNIX"
"AF_INET" "AF_INET"