nixos/nats: set proper SystemCallFilter · pyrox.dev/nixpkgs@9b8fd74

pyrox.dev / nixpkgs

fork atom

lol

fork atom

nixos/nats: set proper SystemCallFilter

MidAutumnMoon 3 years ago 9b8fd74d afb8d0e5

+1 -1

1 changed file

expand all

nixos

modules

services

networking

nats.nix

+1 -1

nixos/modules/services/networking/nats.nix

··· 137 137 RestrictNamespaces = true; 138 138 RestrictRealtime = true; 139 139 RestrictSUIDSGID = true; 140 - SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; 140 + SystemCallFilter = [ "@system-service" "~@privileged" ]; 141 141 UMask = "0077"; 142 142 } 143 143 ];