Flake: add nixpkgs patch to fix rtkit
This commit is contained in:
parent
91d0d875ea
commit
13c1d5864d
2 changed files with 23 additions and 0 deletions
|
|
@ -103,6 +103,7 @@
|
|||
patches = [
|
||||
./nixpkgs-patches/pr454957.patch
|
||||
./nixpkgs-patches/pr454958.patch
|
||||
./nixpkgs-patches/pr455128.patch
|
||||
];
|
||||
};
|
||||
nixpkgs-patched = nixpkgs-raw.legacyPackages.x86_64-linux.applyPatches {
|
||||
|
|
|
|||
22
nixpkgs-patches/pr455128.patch
Normal file
22
nixpkgs-patches/pr455128.patch
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
From 2e9d838795edcec2b79dda0284acf27ee34b1ecc Mon Sep 17 00:00:00 2001
|
||||
From: h7x4 <h7x4@nani.wtf>
|
||||
Date: Fri, 24 Oct 2025 14:24:14 +0900
|
||||
Subject: [PATCH] nixos/rtkit: fix hardening
|
||||
|
||||
---
|
||||
nixos/modules/security/rtkit.nix | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/nixos/modules/security/rtkit.nix b/nixos/modules/security/rtkit.nix
|
||||
index d7c6df17f03b9..f2cd256468da9 100644
|
||||
--- a/nixos/modules/security/rtkit.nix
|
||||
+++ b/nixos/modules/security/rtkit.nix
|
||||
@@ -64,7 +64,7 @@ in
|
||||
];
|
||||
|
||||
# Needs to verify the user of the processes.
|
||||
- PrivateUsers = "full";
|
||||
+ PrivateUsers = false;
|
||||
# Needs to access other processes to modify their scheduling modes.
|
||||
ProcSubset = "all";
|
||||
ProtectProc = "default";
|
||||
Loading…
Add table
Add a link
Reference in a new issue