authorAlexandre Macabies <web+oss@zopieux.com>2020-09-27 20:54:04 +0200
committerAlexandre Macabies <web+oss@zopieux.com>2021-02-05 19:23:25 +0100
commit255882fbcc64a9c210d5b1bba78a0ddba7ed352d (patch)
treea7a55e8f09e237ac6f4e331030df316588e76135
parenta36cc03d96594526565ce06a0b6db14286fe88ae (diff)
nixos/snapserver: add AF_NETLINK to allowed address families
This is necessary for Librespot, which is spawned by snapserver in the
same cgroup. Librespot needs to query local IP links and addresses
for mDNS (Zeroconf/Avahi), and does so through the NETLINK interface.
-rw-r--r--nixos/modules/services/audio/snapserver.nix2
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/audio/snapserver.nix b/nixos/modules/services/audio/snapserver.nix
index b207fd30e22..0acaccfd3ca 100644
--- a/nixos/modules/services/audio/snapserver.nix
+++ b/nixos/modules/services/audio/snapserver.nix
@@ -286,7 +286,7 @@ in {
         ProtectKernelTunables = true;
         ProtectControlGroups = true;
         ProtectKernelModules = true;
-        RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
+        RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
         RestrictNamespaces = true;
         RuntimeDirectory = name;
         StateDirectory = name;
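Review bot: The added `AF_NETLINK` on the `RestrictAddressFamilies` line carries no comment saying why it is there, and it applies to every snapserver instance, including ones that never spawn Librespot. `RestrictAddressFamilies` filters only on the socket family, so this permits netlink sockets of any protocol rather than just the link/address queries mDNS needs; kernel permission checks still apply, but the sandbox is wider for all users of the module. I would at least add `# AF_NETLINK: Librespot (child of snapserver) lists links/addresses for mDNS` above the line, and, if the module can tell whether a librespot stream is configured (not visible in this hunk), add the family only in that case. The enclosing serviceConfig set starts and ends outside the hunk.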