nixos/opendkim: Fix CapabilityBoundingSet option

An empty list results in no CapabilityBoundingSet at all, an empty
string however will set `CapabilityBoundingSet=`, which represents a
closed set.

Related: #120617
This commit is contained in:
Martin Weinelt 2021-04-25 20:24:07 +02:00
parent 6af7bcbd93
commit 3a9609613d
No known key found for this signature in database
GPG key ID: 87C1E9888F856759

View file

@ -134,7 +134,7 @@ in {
ReadWritePaths = [ cfg.keyPath ]; ReadWritePaths = [ cfg.keyPath ];
AmbientCapabilities = []; AmbientCapabilities = [];
CapabilityBoundingSet = []; CapabilityBoundingSet = "";
DevicePolicy = "closed"; DevicePolicy = "closed";
LockPersonality = true; LockPersonality = true;
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;