0ce90d58cc
Most importantly, this sets PrivateTmp, ProtectHome, and ProtectSystem so that Chrony flaws are mitigated, should they occur. Moving to ProtectSystem=full however, requires moving the chrony key files under /var/lib/chrony -- which should be fine, anyway. This also ensures ConditionCapability=CAP_SYS_TIME is set, ensuring that chronyd will only be launched in an environment where such a capability can be granted. Signed-off-by: Austin Seipp <aseipp@pobox.com> |
||
---|---|---|
.. | ||
doc | ||
lib | ||
maintainers | ||
modules | ||
tests | ||
COPYING | ||
default.nix | ||
README | ||
release-combined.nix | ||
release-small.nix | ||
release.nix |
*** NixOS *** NixOS is a Linux distribution based on the purely functional package management system Nix. More information can be found at http://nixos.org/nixos and in the manual in doc/manual.