pyrox.dev
Merge pull request #189934 from delroth/grafana-sandboxing
nixos/grafana: loosen systemd syscall sandboxing
authored by Luke Granger-Brown and committed by GitHub 8157e3d8 3b987a45
+1
-1
nixos/modules/services/monitoring/grafana.nix
+1
-1
nixos/modules/services/monitoring/grafana.nix
···
792
792
SystemCallArchitectures = "native";
793
793
# Upstream grafana is not setting SystemCallFilter for compatibility
794
794
# reasons, see https://github.com/grafana/grafana/pull/40176
795
-
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
795
+
SystemCallFilter = [ "@system-service" "~@privileged" ];
796
796
UMask = "0027";
797
797
};
798
798
preStart = ''