We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent db6c599 commit 4d2bb49Copy full SHA for 4d2bb49
nixos/modules/services/web-apps/meme-bingo-web.nix
@@ -89,6 +89,9 @@ in
89
InaccessiblePaths = [
90
"/dev/shm"
91
"/sys"
92
+ "/run/dbus"
93
+ "/run/user"
94
+ "/run/nscd"
95
];
96
LockPersonality = true;
97
PrivateDevices = true;
@@ -124,6 +127,8 @@ in
124
127
RemoveIPC = true;
125
128
NoNewPrivileges = true;
126
129
MemoryDenyWriteExecute = true;
130
+ ExecPaths = [ "/nix/store" ];
131
+ NoExecPaths = [ "/" ];
132
};
133
134
0 commit comments