manual: nginx: Mention ProtectHome in release notes. See #85567 #103147
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See #85567 (review).
With the upgrade to 20.09, trying to set
I got permission errors in nginx logs:
and in strace:
despite my file system permissions being set up correctly.
sudo -u nginx stat /home/niklas/web/index.html
completed successfully.Eventually I found that this is because of the new
ProtectHome = mkDefault true;
systemd sandboxing option introduced innixpkgs/nixos/modules/services/web-servers/nginx/default.nix
Line 725 in 29cb4d0
(PR #85567).
This changelog update makes the user aware of this. It needs to be backported to 20.09.