nixos/dex-oidc: set proper SystemCallFilter · pyrox.dev/nixpkgs@ae025da

pyrox.dev / nixpkgs

fork atom

lol

fork atom

nixos/dex-oidc: set proper SystemCallFilter

MidAutumnMoon 3 years ago ae025da5 bd8413e8

+2 -2

1 changed file

expand all

nixos

modules

services

web-apps

dex.nix

+2 -2

nixos/modules/services/web-apps/dex.nix

··· 58 58 ''; 59 59 description = lib.mdDoc '' 60 60 The available options can be found in 61 - [the example configuration](https://github.com/dexidp/dex/blob/v${pkgs.dex.version}/config.yaml.dist). 61 + [the example configuration](https://github.com/dexidp/dex/blob/v${pkgs.dex-oidc.version}/config.yaml.dist). 62 62 63 63 It's also possible to refer to environment variables (defined in [services.dex.environmentFile](#opt-services.dex.environmentFile)) 64 64 using the syntax `$VARIABLE_NAME`. ··· 119 119 RestrictRealtime = true; 120 120 RestrictSUIDSGID = true; 121 121 SystemCallArchitectures = "native"; 122 - SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ]; 122 + SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; 123 123 TemporaryFileSystem = "/:ro"; 124 124 # Does not work well with the temporary root 125 125 #UMask = "0066";