lib/misc: add umask to serviceHardened

2024-12-20 16:36:02 +08:00 · 2024-12-20 16:36:02 +08:00 · 13d8ed5901
parent 898ce2046d
commit 13d8ed5901
1 changed files with 1 additions and 0 deletions
--- a/lib/misc/service-hardened.nix
+++ b/lib/misc/service-hardened.nix
@ -33,4 +33,5 @@ lib.mapAttrs (_k: lib.mkOptionDefault) {
  SystemCallArchitectures = "native";
  SystemCallErrorNumber = "EPERM";
  SystemCallFilter = [ "@system-service" ];
+  UMask = "0077";
 }