pyrox.dev / nixpkgs
lol
fork atom

nixos/meilisearch: allow access to proc for memory limit (#442565)

h7x4 30a76b36 f2e6aba3

options
unified split
Changed files
+3 -1
nixos
modules
services
search
meilisearch.nix
+3 -1
nixos/modules/services/search/meilisearch.nix 
···

       
256

       
256

       
 

       
        LockPersonality = true;


     

       
257

       
257

       
 

       
        MemoryDenyWriteExecute = true;


     

       
258

       
258

       
 

       



     

       
259

       

       
-

       
        ProcSubset = "pid";


     

       

       
259

       
+

       
        # Meilisearch needs to determine cgroup memory limits to set its own memory limits.


     

       

       
260

       
+

       
        # This means this can't be set to "pid"


     

       

       
261

       
+

       
        ProcSubset = "all";


     

       
260

       
262

       
 

       
        ProtectProc = "invisible";


     

       
261

       
263

       
 

       



     

       
262

       
264

       
 

       
        NoNewPrivileges = true;