authorMidAutumnMoon <me@418.im>2022-10-25 16:09:31 +0800
committerMidAutumnMoon <me@418.im>2022-10-25 16:09:31 +0800
commit7742cd543da19a9b7bc32ead0394dfa9ff5c4bd1 (patch)
tree9a0d3b75384f5cdf6696cd56389674fb677b00a1 /nixos/modules/services/networking/yggdrasil.nix
parentae025da558802211d597191ffcf2a7273c030400 (diff)
nixos/yggdrasil: set proper SystemCallFilter
Diffstat (limited to 'nixos/modules/services/networking/yggdrasil.nix')
-rw-r--r--nixos/modules/services/networking/yggdrasil.nix2
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/yggdrasil.nix b/nixos/modules/services/networking/yggdrasil.nix
index e56f169d05e..3d5cbdd2dc3 100644
--- a/nixos/modules/services/networking/yggdrasil.nix
+++ b/nixos/modules/services/networking/yggdrasil.nix
@@ -180,7 +180,7 @@ in {
         RestrictNamespaces = true;
         RestrictRealtime = true;
         SystemCallArchitectures = "native";
-        SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @resources";
+        SystemCallFilter = [ "@system-service" "~@privileged @keyring" ];
       } // (if (cfg.group != null) then {
         Group = cfg.group;
       } else {});
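Review bot: The new `SystemCallFilter` line silently re-permits the `@resources` group, which the removed deny-list blocked: `@system-service` includes `@resources`, and neither `~@privileged` nor `@keyring` takes it back out. That may well be deliberate (the commit message does not say), but nothing in the file records it, so a later hardening pass could re-add the denial or read it as an oversight. I would put a comment above the line, for example `# allow-list: @system-service minus @privileged and @keyring; @resources stays allowed on purpose (was denied before)`. Since this is now an allow-list, any syscall outside it hits the default filter action. It is worth checking whether `SystemCallErrorNumber` is set elsewhere in this `serviceConfig`, which starts outside the hunk.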