swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-20 20:39:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #141823 from zopieux/fix-rtl433-hardening

Browse source
This commit is contained in:
Martin Weinelt 2021-10-16 03:15:52 +02:00 committed by GitHub
parent 785cd037fc 7fb3edb077
commit b84bf1f3c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nixos/modules/services/monitoring/prometheus/exporters/rtl_433.nix
View file

@ -61,6 +61,11 @@ in
serviceConfig = {
# rtl-sdr udev rules make supported USB devices +rw by plugdev.
SupplementaryGroups = "plugdev";
# rtl_433 needs rw access to the USB radio.
PrivateDevices = lib.mkForce false;
DeviceAllow = lib.mkForce "char-usb_device rw";
RestrictAddressFamilies = [ "AF_NETLINK" ];
ExecStart = let
matchers = (map (m:
"--channel_matcher '${m.name},${toString m.channel},${m.location}'"