nixos.photoprism: Relax sandbox to allow running exiftool

lol

exiftool is written in Perl which appears to call `chown` as part of startup. This is blocked by the `@privileged` system call group. This causes a failure when changing image orientation.

Fixes: https://github.com/NixOS/nixpkgs/issues/249120

Kevin Cox 2 years ago 86c67a1f ea95c091

+1 -1

1 changed file

expand all

nixos

modules

services

web-apps

photoprism.nix

+1 -1

nixos/modules/services/web-apps/photoprism.nix

··· 123 123 RestrictNamespaces = true; 124 124 RestrictRealtime = true; 125 125 SystemCallArchitectures = "native"; 126 - SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; 126 + SystemCallFilter = [ "@system-service" "~@setuid @keyring" ]; 127 127 UMask = "0066"; 128 128 } // lib.optionalAttrs (cfg.port < 1024) { 129 129 AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];