BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #49395 from dtzWill/update/upower-0.99.9

Browse source 
upower: 0.99.7 -> 0.99.9, lock down service
This commit is contained in:
xeji 2018-10-30 15:57:11 +01:00 committed by GitHub
commit 1d9481a127
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
nixos/modules/services/hardware/upower.nix
View file

@ -56,6 +56,32 @@ in
{ Type = "dbus"; { Type = "dbus";
BusName = "org.freedesktop.UPower"; BusName = "org.freedesktop.UPower";
ExecStart = "@${cfg.package}/libexec/upowerd upowerd"; ExecStart = "@${cfg.package}/libexec/upowerd upowerd";
Restart = "on-failure";
# Upstream lockdown:
# Filesystem lockdown
ProtectSystem = "strict";
# Needed by keyboard backlight support
ProtectKernelTunables = false;
ProtectControlGroups = true;
ReadWritePaths = "/var/lib/upower";
ProtectHome = true;
PrivateTmp = true;
# Network
# PrivateNetwork=true would block udev's netlink socket
RestrictAddressFamilies = "AF_UNIX AF_NETLINK";
# Execute Mappings
MemoryDenyWriteExecute = true;
# Modules
ProtectKernelModules = true;
# Real-time
RestrictRealtime = true;
# Privilege escalation
NoNewPrivileges = true;
}; };
}; };

6
pkgs/os-specific/linux/upower/default.nix
View file

@ -4,11 +4,11 @@
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "upower-0.99.7"; name = "upower-0.99.9";
src = fetchurl { src = fetchurl {
url = "https://upower.freedesktop.org/releases/${name}.tar.xz"; url = https://gitlab.freedesktop.org/upower/upower/uploads/2282c7c0e53fb31816b824c9d1f547e8/upower-0.99.9.tar.xz;
sha256 = "00d4830yvg84brdhz4kn60lr3r8rn2y8gdbhmhxm78i5mgvc5g14"; sha256 = "046ix7j7hmb7ycv8v54668kjsrgjhzwxn299c1d87vdnkd38kfh1";
}; };
buildInputs = buildInputs =