From c2af1ff281e44225d1f560f17e49103c70075015 Mon Sep 17 00:00:00 2001
From: Yarny0 <41838844+Yarny0@users.noreply.github.com>
Date: Thu, 13 May 2021 20:59:24 +0200
Subject: [PATCH] nixos/hylafax: enable `ProtectKernelLogs` for most services

Also document that `ProtectClock` blocks access to serial line. I couldn't found out why this is the case, but faxgetty complains about the device file not being accessible with `ProtectClock=true`.
---
 nixos/modules/services/networking/hylafax/systemd.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/services/networking/hylafax/systemd.nix b/nixos/modules/services/networking/hylafax/systemd.nix
index 251a6f6457f1..4506bbbc5eb7 100644
--- a/nixos/modules/services/networking/hylafax/systemd.nix
+++ b/nixos/modules/services/networking/hylafax/systemd.nix
@@ -106,8 +106,10 @@ let
 PrivateDevices = true; # breaks /dev/tty...
 PrivateNetwork = true;
 PrivateTmp = true;
+ #ProtectClock = true; # breaks /dev/tty... (why?)
 ProtectControlGroups = true;
 #ProtectHome = true; # breaks custom spool dirs
+ ProtectKernelLogs = true;
 ProtectKernelModules = true;
 ProtectKernelTunables = true;
 #ProtectSystem = "strict"; # breaks custom spool dirs
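Review bot: The `(why?)` on the commented-out `ProtectClock` line has an answer in systemd.exec(5): `ProtectClock=true` implies `DeviceAllow=char-rtc r`, and once any `DeviceAllow=` entry is present the unit's device policy becomes an allow-list, so the modem's tty node is no longer reachable. I would record that in the comment, e.g. `#ProtectClock = true;  # implies DeviceAllow=char-rtc r, which blocks /dev/tty...`, so the next maintainer does not re-enable it blindly. `PrivateDevices = true` stays enabled in this same set with the same "breaks /dev/tty" remark, which suggests the services that need the serial line opt out somewhere else; if so, `ProtectClock` could be enabled here and opted out the same way, keeping clock protection on the services that never touch the modem. The attribute set starts and ends outside the hunk, so this needs checking against the per-service overrides.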