summary refs log tree commit diff
path: root/nixos/modules/services/misc/geoipupdate.nix
diff options
context:
space:
mode:
authorMidAutumnMoon <me@418.im>2022-10-25 16:45:49 +0800
committerMidAutumnMoon <me@418.im>2022-10-25 16:45:49 +0800
commitf4342c11e5feee7dd805045ed4dd3fb069d5ac83 (patch)
tree1611a87ce1bed0eb2341546c4c135a5e9320ef6c /nixos/modules/services/misc/geoipupdate.nix
parent4fffb0e5fe2015bdbf29a83ae486cd836ff1ce94 (diff)
downloadnixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar
nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.gz
nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.bz2
nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.lz
nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.xz
nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.zst
nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.zip
nixos/geoipupdate: set proper SystemCallFilter
Diffstat (limited to 'nixos/modules/services/misc/geoipupdate.nix')
-rw-r--r--nixos/modules/services/misc/geoipupdate.nix2


1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix
index fafe4e3f241..ad80d489243 100644
--- a/nixos/modules/services/misc/geoipupdate.nix
+++ b/nixos/modules/services/misc/geoipupdate.nix
@@ -197,7 +197,7 @@ in
         ProtectKernelTunables = true;
         ProtectProc = "invisible";
         ProcSubset = "pid";
-        SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+        SystemCallFilter = [ "@system-service" "~@privileged" ];
         RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
         RestrictRealtime = true;
         RestrictNamespaces = true;

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-17 16:51:07 +0000