nixos/tinc: disable chroot by default

Sandro Jäckel 2021-11-09 21:30:18 +01:00
parent 37bd69672d
commit c819ee9b67
No known key found for this signature in database
GPG key ID: 3AF5A43A3EECC2E5

@ -289,13 +289,13 @@ in
};
chroot = mkOption {
default = true;
default = false;
type = types.bool;
description = ''
Change process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security.
The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
Note that tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
Note that this currently breaks dns resolution and tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
'';
};
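Review bot: the `default = false;` line changes behaviour for every existing configuration that never set `chroot` explicitly: those instances lose the chroot on upgrade, and nothing in this hunk tells the operator. Suggest a release-notes entry and a sentence in the description saying that the option is now off by default and can be turned back on by setting it to `true`. In the new description line, "this" is ambiguous because it directly follows the sentence about when the chroot is performed; wording such as "Enabling this option currently breaks DNS resolution, and tinc can't run scripts ..." would make clear that the breakage applies to the enabled state. While the line is being touched, "setup" should be "set up" and "dns" should be "DNS".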