kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

openclaw: soften the hardening

Browse Source
This commit is contained in:
Kierán Meinhardt
2026-02-17 20:21:24 +01:00
parent c34647a800
commit bfbe2da850
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
systems/ful/openclaw.nix
View File

@@ -43,11 +43,11 @@
ProtectClock = true; ProtectClock = true;
ProtectControlGroups = true; ProtectControlGroups = true;
ProtectHostname = true; ProtectHostname = true;
ProtectProc = "invisible";
ProcSubset = "pid"; ProcSubset = "pid";
RemoveIPC = true; RemoveIPC = true;
AmbientCapabilities = ["CAP_NET_RAW"]; # access chromium websockets
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
RestrictNamespaces = true; RestrictNamespaces = false; # might be used by websocket library
RestrictRealtime = true; RestrictRealtime = true;
LockPersonality = true; LockPersonality = true;
UMask = "0077"; UMask = "0077";