commit afb8d0e5a62c6018c4cd3545c76e672cec6ccabb · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

nixos/prometheus-smartctl: set proper SystemCallFilter

MidAutumnMoon 3 years ago afb8d0e5 f4342c11

options

unified split

Changed files

+1 -4

nixos

modules

services

monitoring

prometheus

exporters

smartctl.nix

+1 -4

nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix

···

       66
        
             ProtectProc = "invisible";

     

       67
        
             ProcSubset = "pid";

     

       68
        
             SupplementaryGroups = [ "disk" ];

     

       69
       -
             SystemCallFilter = [

     

       70
       -
               "@system-service"

     

       71
       -
               "~@privileged @resources"

     

       72
       -
             ];

     

       73
        
           };

     

       74
        
         };

     

       75
        
       }

···

       66
        
             ProtectProc = "invisible";

     

       67
        
             ProcSubset = "pid";

     

       68
        
             SupplementaryGroups = [ "disk" ];

     

       69
       +
             SystemCallFilter = [ "@system-service" "~@privileged" ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       70
        
           };

     

       71
        
         };

     

       72
        
       }