diff options
| author | Erik Arvstedt <erik.arvstedt@gmail.com> | 2022-09-22 08:14:21 +0200 |
|---|---|---|
| committer | Erik Arvstedt <erik.arvstedt@gmail.com> | 2022-09-22 08:14:21 +0200 |
| commit | ecacff35a6803be8ec93a261cf9836ccd26012aa (patch) | |
| tree | 5dbe0bc6422ac26d9c00211aadd61a568c245902 /nixos/modules/services/misc/paperless.nix | |
| parent | 57e15d64c3f675301cfee9fe4e87726691d8c94e (diff) | |
| download | nixpkgs-ecacff35a6803be8ec93a261cf9836ccd26012aa.tar nixpkgs-ecacff35a6803be8ec93a261cf9836ccd26012aa.tar.gz nixpkgs-ecacff35a6803be8ec93a261cf9836ccd26012aa.tar.bz2 nixpkgs-ecacff35a6803be8ec93a261cf9836ccd26012aa.tar.lz nixpkgs-ecacff35a6803be8ec93a261cf9836ccd26012aa.tar.xz nixpkgs-ecacff35a6803be8ec93a261cf9836ccd26012aa.tar.zst nixpkgs-ecacff35a6803be8ec93a261cf9836ccd26012aa.zip | |
nixos/paperless: add required syscall
`unpaper` requires syscall 238 (`set_mempolicy`). Add this by un-blocking the systemd syscall filter set `@resources` which is safe in the context of paperless.
Diffstat (limited to 'nixos/modules/services/misc/paperless.nix')
| -rw-r--r-- | nixos/modules/services/misc/paperless.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix index e11158f8a12..6a98d5cb686 100644 --- a/nixos/modules/services/misc/paperless.nix +++ b/nixos/modules/services/misc/paperless.nix @@ -80,7 +80,7 @@ let RestrictSUIDSGID = true; SupplementaryGroups = optional enableRedis redisServer.user; SystemCallArchitectures = "native"; - SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ]; + SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; # Does not work well with the temporary root #UMask = "0066"; }; |