Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: 6ebad0821f20
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 0ce90d58cca7
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Sep 24, 2018

  1. nixos/chrony: clean up, rework to be a little closer to upstream 

    Most importantly, this sets PrivateTmp, ProtectHome, and ProtectSystem
so that Chrony flaws are mitigated, should they occur.

Moving to ProtectSystem=full however, requires moving the chrony key
files under /var/lib/chrony -- which should be fine, anyway.

This also ensures ConditionCapability=CAP_SYS_TIME is set, ensuring
that chronyd will only be launched in an environment where such a
capability can be granted.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
    @thoughtpolice
    thoughtpolice committed Sep 24, 2018
    Copy the full SHA
    0ce90d5 View commit details
    Browse the repository at this point in the history