commit 9b8fd74d68fca9eace442379fc74b80bbab894c1 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

nixos/nats: set proper SystemCallFilter

MidAutumnMoon 3 years ago 9b8fd74d afb8d0e5

options

unified split

Changed files

+1 -1

nixos

modules

services

networking

nats.nix

+1 -1

nixos/modules/services/networking/nats.nix

···

       137
       137
        
                 RestrictNamespaces = true;

     

       138
       138
        
                 RestrictRealtime = true;

     

       139
       139
        
                 RestrictSUIDSGID = true;

     

       140
       140
       -
                 SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];

     

       140
       140
       +
                 SystemCallFilter = [ "@system-service" "~@privileged" ];

     

       141
       141
        
                 UMask = "0077";

     

       142
       142
        
               }

     

       143
       143
        
             ];