diff options
author | MidAutumnMoon <me@418.im> | 2022-10-25 16:45:49 +0800 |
---|---|---|
committer | MidAutumnMoon <me@418.im> | 2022-10-25 16:45:49 +0800 |
commit | f4342c11e5feee7dd805045ed4dd3fb069d5ac83 (patch) | |
tree | 1611a87ce1bed0eb2341546c4c135a5e9320ef6c /nixos | |
parent | 4fffb0e5fe2015bdbf29a83ae486cd836ff1ce94 (diff) | |
download | nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.gz nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.bz2 nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.lz nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.xz nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.tar.zst nixpkgs-f4342c11e5feee7dd805045ed4dd3fb069d5ac83.zip |
nixos/geoipupdate: set proper SystemCallFilter
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/misc/geoipupdate.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix index fafe4e3f241..ad80d489243 100644 --- a/nixos/modules/services/misc/geoipupdate.nix +++ b/nixos/modules/services/misc/geoipupdate.nix @@ -197,7 +197,7 @@ in ProtectKernelTunables = true; ProtectProc = "invisible"; ProcSubset = "pid"; - SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; + SystemCallFilter = [ "@system-service" "~@privileged" ]; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; RestrictRealtime = true; RestrictNamespaces = true; |