nixos/galene: set proper SystemCallFilter · pyrox.dev/nixpkgs@19b481f

pyrox.dev / nixpkgs

fork atom

lol

fork atom

nixos/galene: set proper SystemCallFilter

MidAutumnMoon 3 years ago 19b481fb 29571c9c

+1 -1

1 changed file

expand all

nixos

modules

services

web-apps

galene.nix

+1 -1

nixos/modules/services/web-apps/galene.nix

··· 191 191 RestrictRealtime = true; 192 192 RestrictSUIDSGID = true; 193 193 SystemCallArchitectures = "native"; 194 - SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; 194 + SystemCallFilter = [ "@system-service" "~@privileged" ]; 195 195 UMask = "0077"; 196 196 } 197 197 ];