authorJoachim Fasting <joachifm@fastmail.fm>2018-11-24 18:37:46 +0100
committerJoachim Fasting <joachifm@fastmail.fm>2018-12-27 15:00:46 +0100
commit9db84f6fcdb2616471abb6a427a2b21fe8a8255f (patch)
treedfd14c072af26d4572510f4c55f4c8886abcff41 /nixos/modules/security/misc.nix
parent2534dddaa96af8faa442ba7ac360966c7990e773 (diff)
nixos/security/misc: use mkMerge for easier extension
Diffstat (limited to 'nixos/modules/security/misc.nix')
-rw-r--r--nixos/modules/security/misc.nix24
1 files changed, 13 insertions, 11 deletions
diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix
index 42f872b7b088..f3fc6db22ead 100644
--- a/nixos/modules/security/misc.nix
+++ b/nixos/modules/security/misc.nix
@@ -24,16 +24,18 @@ with lib;
};
};
- config = mkIf (!config.security.allowUserNamespaces) {
- # Setting the number of allowed user namespaces to 0 effectively disables
- # the feature at runtime. Note that root may raise the limit again
- # at any time.
- boot.kernel.sysctl."user.max_user_namespaces" = 0;
+ config = mkMerge [
+ (mkIf (!config.security.allowUserNamespaces) {
+ # Setting the number of allowed user namespaces to 0 effectively disables
+ # the feature at runtime. Note that root may raise the limit again
+ # at any time.
+ boot.kernel.sysctl."user.max_user_namespaces" = 0;
- assertions = [
- { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
- message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
- }
- ];
- };
+ assertions = [
+ { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces;
+ message = "`nix.useSandbox = true` conflicts with `!security.allowUserNamespaces`.";
+ }
+ ];
+ })
+ ];
}
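Review bot: Inside the `mkIf (!config.security.allowUserNamespaces)` element the right-hand side of `->` is always false, so the assertion only ever checks `!config.nix.useSandbox` and the implication reads as more general than it is. Now that `config` is a `mkMerge` list, the assertion could be its own unconditional element, `{ assertions = [ { assertion = config.nix.useSandbox -> config.security.allowUserNamespaces; message = …; } ]; }`, leaving the guarded element with only the sysctl. The comment on `user.max_user_namespaces` says root may raise the limit again at runtime. The option declaration starts above this hunk, so it is not visible whether its description carries that caveat; if it does not, it should, so the setting is not read as a hard boundary.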