kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

nixos/tinc: disable chroot by default

Browse Source
main
Sandro Jäckel 3 years ago
parent 37bd69672d
commit c819ee9b67
No known key found for this signature in database
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 2 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      nixos/modules/services/networking/tinc.nix

4
nixos/modules/services/networking/tinc.nix
Unescape View File

@ -289,13 +289,13 @@ in
};
chroot = mkOption {
default = true;
default = false;
type = types.bool;
description = ''
Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security.
The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
Note that tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
Note that this currently breaks dns resolution and tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
'';
};

Write Preview
Loading…
Cancel
Save