Merge pull request #6624 from joachifm/grsec-lock
nixos: grsec-lock service fixes
This commit is contained in:
commit
c97d7819ab
@ -286,10 +286,11 @@ in
|
||||
|
||||
systemd.services.grsec-lock = mkIf cfg.config.sysctl {
|
||||
description = "grsecurity sysctl-lock Service";
|
||||
requires = [ "sysctl.service" ];
|
||||
requires = [ "systemd-sysctl.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = "yes";
|
||||
unitConfig.ConditionPathIsReadWrite = "/proc/sys/kernel/grsecurity/grsec_lock";
|
||||
script = ''
|
||||
locked=`cat /proc/sys/kernel/grsecurity/grsec_lock`
|
||||
if [ "$locked" == "0" ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user