diff options
| author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-04-25 20:26:22 +0200 |
|---|---|---|
| committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-04-25 20:26:22 +0200 |
| commit | 6f358fa1d48d162b529635b7e137ea562b236621 (patch) | |
| tree | f4b9476b3420ab3ec2b98a1aa915eb0fd7916c1f | |
| parent | 3a9609613d1c98d03ec8fe3235a6aff3d3d2da21 (diff) | |
| download | nixpkgs-6f358fa1d48d162b529635b7e137ea562b236621.tar nixpkgs-6f358fa1d48d162b529635b7e137ea562b236621.tar.gz nixpkgs-6f358fa1d48d162b529635b7e137ea562b236621.tar.bz2 nixpkgs-6f358fa1d48d162b529635b7e137ea562b236621.tar.lz nixpkgs-6f358fa1d48d162b529635b7e137ea562b236621.tar.xz nixpkgs-6f358fa1d48d162b529635b7e137ea562b236621.tar.zst nixpkgs-6f358fa1d48d162b529635b7e137ea562b236621.zip | |
nixos/rspamd: Fix CapabilityBoundingSet option
An empty list results in no CapabilityBoundingSet at all, an empty string however will set `CapabilityBoundingSet=`, which represents a closed set. Related: #120617
| -rw-r--r-- | nixos/modules/services/mail/rspamd.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/mail/rspamd.nix b/nixos/modules/services/mail/rspamd.nix index 2f9d28195bd..473ddd52357 100644 --- a/nixos/modules/services/mail/rspamd.nix +++ b/nixos/modules/services/mail/rspamd.nix @@ -410,7 +410,7 @@ in StateDirectoryMode = "0700"; AmbientCapabilities = []; - CapabilityBoundingSet = []; + CapabilityBoundingSet = ""; DevicePolicy = "closed"; LockPersonality = true; NoNewPrivileges = true; |