nixos/redmine: Enable MountAPIVFS hardening in service config

This setting is already implied by others, but add it for completeness as well. For documentation see https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#MountAPIVFS= Signed-off-by: Felix Singer <felixsinger@posteo.net>
2025-10-06 15:27:05 +02:00
parent 21f827065b
commit 79ab4bb47b
1 changed files with 1 additions and 0 deletions
--- a/nixos/modules/services/misc/redmine.nix
+++ b/nixos/modules/services/misc/redmine.nix
@@ -461,6 +461,7 @@ in
        CapabilityBoundingSet = "";
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
+        MountAPIVFS = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateMounts = true;