shelvacu/nix-stuff
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stuff

Browse Source
This commit is contained in:
Shelvacu
2025-05-10 23:21:34 -07:00
committed by Shelvacu on fw
parent 2d14e9b8e3
commit 1a02597ca0
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
nixos-modules/genieacs.nix
View File

@@ -275,7 +275,8 @@ in
DeviceAllow = ""; DeviceAllow = "";
ProtectSystem = "strict"; ProtectSystem = "strict";
LockPersonality = true; LockPersonality = true;
MemoryDenyWriteExecute = true; # it's nodejs, which has a JIT, so it needs write-execute memory
# MemoryDenyWriteExecute = true;
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateDevices = true; PrivateDevices = true;
PrivateMounts = true; PrivateMounts = true;