lol

nixos/galene: do not restrict AF_NETLINK

Built-in TURN server requires AF_NETLINK address family.

+1 -1
+1 -1
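--- a/nixos/modules/services/web-apps/galene.nix
+++ b/nixos/modules/services/web-apps/galene.nix
@@ -186,7 +186,7 @@
 ProtectSystem = "strict";
 ReadWritePaths = cfg.recordingsDir;
 RemoveIPC = true;
-RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_NETLINK" ];
 RestrictNamespaces = true;
 RestrictRealtime = true;
 RestrictSUIDSGID = true;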
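Review bot: The widened `RestrictAddressFamilies` list on new line 189 has no comment recording why AF_NETLINK is allowed, so a later hardening pass could tighten it again and silently break TURN. The reason currently lives only in the commit message; a line above the setting such as `# AF_NETLINK is required by Galene's built-in TURN server` would keep it next to the sandbox option. The family is also granted unconditionally. If the module has an option that disables the built-in TURN server (not visible in this hunk), the extra entry could be added only when TURN is enabled, for example with `lib.optional`, so the sandbox stays at AF_INET/AF_INET6 otherwise. The surrounding serviceConfig attribute set starts and ends outside the hunk.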