diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-01 16:58:35 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-01 16:58:35 +0100 |
| commit | a795521d96a28564d0826d717d5e281f405e3889 (patch) | |
| tree | 53929620acd2e1174a97bf37b8345a71c91778b0 | |
| parent | 1e50023af2505e7a5fbad350d0c8a666e78d4fb9 (diff) | |
| download | nixos-a795521d96a28564d0826d717d5e281f405e3889.tar nixos-a795521d96a28564d0826d717d5e281f405e3889.tar.gz nixos-a795521d96a28564d0826d717d5e281f405e3889.tar.bz2 nixos-a795521d96a28564d0826d717d5e281f405e3889.tar.xz nixos-a795521d96a28564d0826d717d5e281f405e3889.zip | |
...
| -rw-r--r-- | hosts/vidhar/prometheus/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 98f0a90d..863b77fe 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix | |||
| @@ -225,7 +225,7 @@ in { | |||
| 225 | ProtectKernelTunables = true; | 225 | ProtectKernelTunables = true; |
| 226 | ProtectSystem = "strict"; | 226 | ProtectSystem = "strict"; |
| 227 | RemoveIPC = true; | 227 | RemoveIPC = true; |
| 228 | RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; | 228 | RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_NETLINK" ]; |
| 229 | RestrictNamespaces = true; | 229 | RestrictNamespaces = true; |
| 230 | RestrictRealtime = true; | 230 | RestrictRealtime = true; |
| 231 | RestrictSUIDSGID = true; | 231 | RestrictSUIDSGID = true; |