nixos/opendkim: Fix CapabilityBoundingSet option
An empty list results in no CapabilityBoundingSet at all, an empty string however will set `CapabilityBoundingSet=`, which represents a closed set. Related: #120617
This commit is contained in:
parent
6af7bcbd93
commit
3a9609613d
1 changed files with 1 additions and 1 deletions
|
@ -134,7 +134,7 @@ in {
|
||||||
ReadWritePaths = [ cfg.keyPath ];
|
ReadWritePaths = [ cfg.keyPath ];
|
||||||
|
|
||||||
AmbientCapabilities = [];
|
AmbientCapabilities = [];
|
||||||
CapabilityBoundingSet = [];
|
CapabilityBoundingSet = "";
|
||||||
DevicePolicy = "closed";
|
DevicePolicy = "closed";
|
||||||
LockPersonality = true;
|
LockPersonality = true;
|
||||||
MemoryDenyWriteExecute = true;
|
MemoryDenyWriteExecute = true;
|
||||||
|
|
Loading…
Reference in a new issue