nixos/unbound: note about the AmbientCapabilities

author: Andreas Rammhold <andreas@rammhold.de> 2020-11-01 22:11:11 +0100
committer: Andreas Rammhold <andreas@rammhold.de> 2020-11-03 19:21:24 +0100
commit: 72fbf05c17374b01abd7b6b1927de4146a7251eb (patch)
tree: c2bd9638c4fe55d5654e89fd0c024bdd07df308d /nixos
parent: 5e602f88d1e8ba97491dd60c794c2faca273eccf (diff)
download: nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar
nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.gz
nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.bz2
nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.lz
nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.xz
nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.zst
nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index bcb48678b21..bc2d5e550ba 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -137,6 +137,7 @@ in
         NotifyAccess = "main";
         Type = "notify";
 
+        # FIXME: Which of these do we actualy need, can we drop the chroot flag?
         AmbientCapabilities = [
           "CAP_NET_BIND_SERVICE"
           "CAP_NET_RAW"
author	Andreas Rammhold <andreas@rammhold.de>	2020-11-01 22:11:11 +0100
committer	Andreas Rammhold <andreas@rammhold.de>	2020-11-03 19:21:24 +0100
commit	72fbf05c17374b01abd7b6b1927de4146a7251eb (patch)
tree	c2bd9638c4fe55d5654e89fd0c024bdd07df308d /nixos
parent	5e602f88d1e8ba97491dd60c794c2faca273eccf (diff)
download	nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.gz nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.bz2 nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.lz nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.xz nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.tar.zst nixpkgs-72fbf05c17374b01abd7b6b1927de4146a7251eb.zip