cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

nixos/clamav: run as clamav user not root

Browse source
This commit is contained in:
happysalada 2023-11-20 20:49:53 +01:00 committed by Yt
parent ef6b8ff15a
commit eb746540a9
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
nixos/modules/services/security/clamav.nix
View file

@ -110,6 +110,8 @@ in
serviceConfig = { serviceConfig = {
ExecStart = "${pkg}/bin/clamd"; ExecStart = "${pkg}/bin/clamd";
ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
User = clamavUser;
Group = clamavGroup;
StateDirectory = "clamav"; StateDirectory = "clamav";
RuntimeDirectory = "clamav"; RuntimeDirectory = "clamav";
PrivateTmp = "yes"; PrivateTmp = "yes";
@ -138,6 +140,8 @@ in
SuccessExitStatus = "1"; # if databases are up to date SuccessExitStatus = "1"; # if databases are up to date
StateDirectory = "clamav"; StateDirectory = "clamav";
RuntimeDirectory = "clamav"; RuntimeDirectory = "clamav";
User = clamavUser;
Group = clamavGroup;
PrivateTmp = "yes"; PrivateTmp = "yes";
PrivateDevices = "yes"; PrivateDevices = "yes";
}; };