commit 59dbe319cec232cf2604fa2ca8f018a05a0eb88a · pyrox.dev/nixpkgs

+1 -1

nixos/modules/services/networking/ntp/chrony.nix

···

       203
       203
        
                 PrivateMounts = true;

     

       204
       204
        
                 # System Call Filtering

     

       205
       205
        
                 SystemCallArchitectures = "native";

     

       206
       206
       -
                 SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources" "@clock" "@setuid" "capset" "chown" ];

     

       206
       206
       +
                 SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources" "@clock" "@setuid" "capset" "chown" ] ++ lib.optional pkgs.stdenv.hostPlatform.isAarch64 "fchownat";

     

       207
       207
        
               };

     

       208
       208
        
             };

     

       209
       209
        
         };