BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #246123 from mweinelt/matrix-appservice-syscall-filter-update

Browse source 
nixos/matrix-appservice-irc: update syscall filter
This commit is contained in:
Martin Weinelt 2023-07-30 13:19:13 +02:00 committed by GitHub
commit 0a5e37e177
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nixos/modules/services/matrix/appservice-irc.nix
View file

@ -215,7 +215,10 @@ in {
LockPersonality = true; LockPersonality = true;
RestrictRealtime = true; RestrictRealtime = true;
PrivateMounts = true; PrivateMounts = true;
SystemCallFilter = "~@aio @clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @setuid @swap"; SystemCallFilter = [
"@system-service @pkey"
"~@privileged @resources"
];
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
# AF_UNIX is required to connect to a postgres socket. # AF_UNIX is required to connect to a postgres socket.
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";