Merge pull request #239276 from NixOS/backport-239208-to-release-23.05

[Backport release-23.05] nixos/vault: set coredump ulimit to 0
author: Nick Cao <nickcao@nichi.co> 2023-06-23 10:58:43 +0800
committer: GitHub <noreply@github.com> 2023-06-23 10:58:43 +0800
commit: fc541b860a2890aac7f0c6fc43a86d43080f631a (patch)
tree: 42cd62512a6204bddde1c4197ba9c5c1762ea1ba
parent: Merge pull request #239243 from NixOS/backport-237235-to-release-23.05 (diff)
parent: vault: set coredump ulimit to 0 (diff)
download: nixpkgs-fc541b860a2890aac7f0c6fc43a86d43080f631a.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/security/vault.nix b/nixos/modules/services/security/vault.nix
index 7b9e31a8d990..18d981cdb0d2 100644
--- a/nixos/modules/services/security/vault.nix
+++ b/nixos/modules/services/security/vault.nix
@@ -221,6 +221,7 @@ in
         ProtectHome = "read-only";
         AmbientCapabilities = "cap_ipc_lock";
         NoNewPrivileges = true;
+        LimitCORE = 0;
         KillSignal = "SIGINT";
         TimeoutStopSec = "30s";
         Restart = "on-failure";
author	Nick Cao <nickcao@nichi.co>	2023-06-23 10:58:43 +0800
committer	GitHub <noreply@github.com>	2023-06-23 10:58:43 +0800
commit	fc541b860a2890aac7f0c6fc43a86d43080f631a (patch)
tree	42cd62512a6204bddde1c4197ba9c5c1762ea1ba
parent	Merge pull request #239243 from NixOS/backport-237235-to-release-23.05 (diff)
parent	vault: set coredump ulimit to 0 (diff)
download	nixpkgs-fc541b860a2890aac7f0c6fc43a86d43080f631a.tar.gz