nixos/wyoming/piper: relax ProcSubset to all

tjh.dev / nixpkgs

fork atom

nixpkgs mirror (for testing) github.com/NixOS/nixpkgs

nix

fork atom

nixos/wyoming/piper: relax ProcSubset to all

The onnxruntime library wants to query cpuinfo, which fails when the proc
subset is restricted.

Close: #445723

Martin Weinelt 6 months ago 3a4e4f6c f2e69a0f

+1 -1

1 changed file

expand all

nixos

modules

services

home-automation

wyoming

piper.nix

+1 -1

nixos/modules/services/home-automation/wyoming/piper.nix

··· 190 190 ProtectKernelTunables = true; 191 191 ProtectControlGroups = true; 192 192 ProtectProc = "invisible"; 193 - ProcSubset = "pid"; 193 + ProcSubset = "all"; # for onnxruntime, which queries cpuinfo 194 194 RestrictAddressFamilies = [ 195 195 "AF_INET" 196 196 "AF_INET6"