Remove ProtectSystem from service definition

pedorich-n · Mar 30, 2024 · f2e8d91 · f2e8d91
1 parent 6d3cf45
commit f2e8d91
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/nix/nixos-module.nix b/nix/nixos-module.nix
@@ -114,12 +114,11 @@ in
         ProtectKernelTunables = true;
         ProtectKernelLogs = true;
         ProtectControlGroups = true;
-        ProtectSystem = "strict";
         RestrictSUIDSGID = true;
         RestrictNamespaces = true;
         ProtectClock = true;
         NoNewPrivileges = true;
-        CapabilityBoundingSet = [ "" ];
+        CapabilityBoundingSet = [ ];
       };
     };
   };