Kieran's opinionated (and probably slightly dumb) nix config

bug: fix the strict protection breaking prestart

dunkirk.sh d4d87677 399b9012

verified
+1
+1
modules/lib/mkService.nix
··· 257 # Security hardening 258 NoNewPrivileges = true; 259 ProtectSystem = "strict"; 260 ProtectHome = true; 261 PrivateTmp = true; 262
··· 257 # Security hardening 258 NoNewPrivileges = true; 259 ProtectSystem = "strict"; 260 + ReadWritePaths = [ cfg.dataDir ]; 261 ProtectHome = true; 262 PrivateTmp = true; 263
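Review bot: the new `ReadWritePaths = [ cfg.dataDir ];` line at 260 will make the unit fail during mount namespace setup, before any prestart command runs, if `cfg.dataDir` does not exist yet. systemd only skips a missing path when the entry is prefixed with `-`. If the prestart step is what creates the directory, either create it earlier (a tmpfiles rule, or `StateDirectory` when it lives under /var/lib) or write the entry as `"-${cfg.dataDir}"`. Also add a short comment on this line saying that it is the only writable exception to `ProtectSystem = "strict"`, so that later additions to the list get reviewed as a widening of the sandbox.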