gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/tor: add onion service unix sockets to BindPaths (#440889)

Browse Source
This commit is contained in:
h7x4
2025-10-13 14:22:31 +00:00
committed by GitHub
parent 1f47d9701e 16a1b0e531
commit e0e68c546b
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
nixos/modules/services/security/tor.nix
View File

@@ -1410,7 +1410,14 @@ in
RootDirectoryStartOnly = true;
#InaccessiblePaths = [ "-+${runDir}/root" ];
UMask = "0066";
BindPaths = [ stateDir ];
BindPaths = [
stateDir
]
++ lib.catAttrs "unix" (
lib.catAttrs "target" (
lib.concatMap (onionService: onionService.map) (lib.attrValues cfg.relay.onionServices)
)
);
BindReadOnlyPaths = [
builtins.storeDir
"/etc"