diff options
| author | Malte Brandy <malte.brandy@maralorn.de> | 2021-05-07 15:03:54 +0200 |
|---|---|---|
| committer | Malte Brandy <malte.brandy@maralorn.de> | 2021-05-07 15:03:54 +0200 |
| commit | 2a11f1f5cc1c4680b49240203db18ecbb19b9cc5 (patch) | |
| tree | df44c5fcd797c97297ab663b63167e9b4bc06a72 /nixos/modules/services/misc/home-assistant.nix | |
| parent | f73c2278d07e674233040422b71d965a0587756f (diff) | |
| parent | ae1c8ede09b53007ba9b3c32f926c9c03547ae8b (diff) | |
| download | nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.gz nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.bz2 nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.lz nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.xz nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.tar.zst nixpkgs-2a11f1f5cc1c4680b49240203db18ecbb19b9cc5.zip | |
Merge branch 'master' into haskell-updates
Diffstat (limited to 'nixos/modules/services/misc/home-assistant.nix')
| -rw-r--r-- | nixos/modules/services/misc/home-assistant.nix | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/home-assistant.nix b/nixos/modules/services/misc/home-assistant.nix index 1985f130881..1e33381de24 100644 --- a/nixos/modules/services/misc/home-assistant.nix +++ b/nixos/modules/services/misc/home-assistant.nix @@ -298,7 +298,7 @@ in { ProtectKernelModules = true; ProtectKernelTunables = true; ProtectProc = "invisible"; - ProcSubset = "pid"; + ProcSubset = "all"; ProtectSystem = "strict"; RemoveIPC = true; ReadWritePaths = let @@ -308,9 +308,10 @@ in { allowPaths = if isList value then value else singleton value; in [ "${cfg.configDir}" ] ++ allowPaths; RestrictAddressFamilies = [ - "AF_UNIX" "AF_INET" "AF_INET6" + "AF_NETLINK" + "AF_UNIX" ] ++ optionals (useComponent "bluetooth_tracker" || useComponent "bluetooth_le_tracker") [ "AF_BLUETOOTH" ]; |