gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #17822 from abbradar/systemd-mounts

Browse Source 
nixos filesystems: unify special filesystems handling
This commit is contained in:
Nikolay Amiantov
2016-08-30 22:42:19 +04:00
committed by GitHub
parent cb4cd5d7f0 6efcfe03ae
commit 509733a343
7 changed files with 75 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
nixos/modules/security/hidepid.nix
View File

@@ -20,23 +20,6 @@ with lib;
config = mkIf config.security.hideProcessInformation {
users.groups.proc.gid = config.ids.gids.proc;
systemd.services.hidepid = {
wantedBy = [ "local-fs.target" ];
after = [ "systemd-remount-fs.service" ];
before = [ "local-fs-pre.target" "local-fs.target" "shutdown.target" ];
wants = [ "local-fs-pre.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = ''${pkgs.utillinux}/bin/mount -o remount,hidepid=2,gid=${toString config.ids.gids.proc} /proc'';
ExecStop = ''${pkgs.utillinux}/bin/mount -o remount,hidepid=0,gid=0 /proc'';
};
unitConfig = {
DefaultDependencies = false;
Conflicts = "shutdown.target";
};
};
fileSystems."/proc".options = [ "hidepid=2" "gid=${toString config.ids.gids.proc}" ];
};
}