commit 4ee53e6544422f9c49a7d7e97d2c7023c9aaee5f · pyrox.dev/nixpkgs

+12

nixos/modules/services/misc/open-webui.nix

···

       120
        
               RestrictRealtime = true;

     

       121
        
               SystemCallArchitectures = "native";

     

       122
        
               UMask = "0077";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       123
        
             };

     

       124
        
           };

     

       125

···

       120
        
               RestrictRealtime = true;

     

       121
        
               SystemCallArchitectures = "native";

     

       122
        
               UMask = "0077";

     

       123
       +
               CapabilityBoundingSet = "";

     

       124
       +
               RestrictAddressFamilies = [

     

       125
       +
                 "AF_INET"

     

       126
       +
                 "AF_INET6"

     

       127
       +
                 "AF_UNIX"

     

       128
       +
               ];

     

       129
       +
               ProtectClock = true;

     

       130
       +
               ProtectProc = "invisible";

     

       131
       +
               SystemCallFilter = [

     

       132
       +
                 "@system-service"

     

       133
       +
                 "~@privileged"

     

       134
       +
               ];

     

       135
        
             };

     

       136
        
           };

     

       137