Wroclaw/nixos-configuration
1
0
Fork 0
Code Issues Pull requests Activity

nixos/polkit/network: disallow managing wg-quick services to system accoutns

Browse source
This commit is contained in:
Wroclaw 2024-09-30 12:25:35 +02:00
parent 6209a92212
commit cce35f8934
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
nix-os/polkit/network.nix
View file

@ -5,6 +5,7 @@
// Allow to start and stop wireguard client services // Allow to start and stop wireguard client services
if ( if (
action.id == "org.freedesktop.systemd1.manage-units" && action.id == "org.freedesktop.systemd1.manage-units" &&
subject.isInGroup("users") &&
action.lookup("unit") && action.lookup("unit") &&
action.lookup("unit").match(/^wg-quick-.*\.service$/) action.lookup("unit").match(/^wg-quick-.*\.service$/)
) { ) {