systemd.services.<name>.confinement.enable

If set, all the required runtime store paths for this service are bind-mounted into a tmpfs-based chroot(2).

Type: boolean
Default: false
Declared: <nixpkgs/nixos/modules/security/systemd-confinement.nix>