BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

treewide: remove duplicates SystemCallFilters

Browse source
This commit is contained in:
Izorkin 2021-05-13 15:29:25 +03:00
parent e948a04cde
commit feebe402f5
No known key found for this signature in database
GPG key ID: 1436C1B3F3679F09
6 changed files with 6 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/services/databases/redis.nix
View file

@ -331,7 +331,7 @@ in {
PrivateMounts = true; PrivateMounts = true;
# System Call Filtering # System Call Filtering
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @privileged @raw-io @reboot @resources @setuid @swap"; SystemCallFilter = "~@cpu-emulation @debug @keyring @memlock @mount @obsolete @privileged @resources @setuid";
}; };
}; };
}; };

4
nixos/modules/services/misc/jellyfin.nix
View file

@ -92,9 +92,7 @@ in
SystemCallErrorNumber = "EPERM"; SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ SystemCallFilter = [
"@system-service" "@system-service"
"~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@obsolete" "~@privileged" "~@setuid"
"~@chown" "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@module"
"~@obsolete" "~@privileged" "~@setuid"
]; ];
}; };
}; };

2
nixos/modules/services/network-filesystems/samba-wsdd.nix
View file

@ -117,7 +117,7 @@ in {
PrivateMounts = true; PrivateMounts = true;
# System Call Filtering # System Call Filtering
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @resources @swap"; SystemCallFilter = "~@cpu-emulation @debug @mount @obsolete @privileged @resources";
}; };
}; };
}; };

4
nixos/modules/services/networking/croc.nix
View file

@ -72,9 +72,7 @@ in
RuntimeDirectoryMode = "700"; RuntimeDirectoryMode = "700";
SystemCallFilter = [ SystemCallFilter = [
"@system-service" "@system-service"
"~@aio" "~@chown" "~@keyring" "~@memlock" "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@setuid" "~@sync" "~@timer"
"~@privileged" "~@resources" "~@setuid"
"~@sync" "~@timer"
]; ];
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM"; SystemCallErrorNumber = "EPERM";

5
nixos/modules/services/web-apps/shiori.nix
View file

@ -86,10 +86,7 @@ in {
SystemCallErrorNumber = "EPERM"; SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ SystemCallFilter = [
"@system-service" "@system-service"
"~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@obsolete" "~@privileged" "~@resources" "~@setuid"
"~@chown" "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock"
"~@module" "~@obsolete" "~@privileged" "~@raw-io"
"~@resources" "~@setuid"
]; ];
}; };
}; };

2
nixos/modules/services/web-servers/nginx/default.nix
View file

@ -850,7 +850,7 @@ in
PrivateMounts = true; PrivateMounts = true;
# System Call Filtering # System Call Filtering
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = "~@chown @cpu-emulation @debug @keyring @ipc @module @mount @obsolete @privileged @raw-io @reboot @setuid @swap"; SystemCallFilter = "~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid";
}; };
}; };