|
|
|
@ -289,13 +289,13 @@ in |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
chroot = mkOption { |
|
|
|
|
default = true; |
|
|
|
|
default = false; |
|
|
|
|
type = types.bool; |
|
|
|
|
description = '' |
|
|
|
|
Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security. |
|
|
|
|
The chroot is performed after all the initialization is done, after writing pid files and opening network sockets. |
|
|
|
|
|
|
|
|
|
Note that tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment. |
|
|
|
|
Note that this currently breaks dns resolution and tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment. |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
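Review bot: With `default = false;` the tinc daemon is no longer confined to /etc/tinc/netname/ unless the user opts in, and the `chroot` description does not say so; this assumes the second line of each printed pair is the new side, which the page layout suggests but does not mark. The description still reads "for added security" and the added wording only warns about DNS resolution, so a reader cannot tell that the hardened setting is now opt-in, or why. I would add a sentence to the description such as `Disabled by default because it currently breaks DNS resolution and script execution; enable it if your setup depends on neither.` Existing deployments that relied on the old default lose the chroot on upgrade without any configuration change, so a release-note entry would help; "setup" in the Note sentence should also read "set up". The enclosing option set begins outside this hunk.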