Fix CVE-2021-3156

2024-06-19 19:39:00 +01:00 · 2024-06-19 19:39:00 +01:00 · 6fc5a2b1ea
parent 2bcb07ee60
commit 6fc5a2b1ea
2 changed files with 6 additions and 0 deletions
--- a/common/sudo.nix
+++ b/common/sudo.nix
@ -0,0 +1,5 @@
+{ config, lib, pkgs,... }:
+
+{
+  security.sudo.execWheelOnly = true;
+}
--- a/hive.nix
+++ b/hive.nix
@ -23,6 +23,7 @@ in {
      (import "${sources.home-manager}/nixos")
      (import "${sources.agenix}/modules/age.nix")
      ./pinning.nix
+      ./common/sudo.nix
      ./common/utilities.nix
      ./users/qenya.nix
    ];