From f4342c11e5feee7dd805045ed4dd3fb069d5ac83 Mon Sep 17 00:00:00 2001
From: MidAutumnMoon
Date: Tue, 25 Oct 2022 16:45:49 +0800
Subject: nixos/geoipupdate: set proper SystemCallFilter
---
 nixos/modules/services/misc/geoipupdate.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'nixos/modules/services')
diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix
index fafe4e3f241..ad80d489243 100644
--- a/nixos/modules/services/misc/geoipupdate.nix
+++ b/nixos/modules/services/misc/geoipupdate.nix
@@ -197,7 +197,7 @@ in
 ProtectKernelTunables = true;
 ProtectProc = "invisible";
 ProcSubset = "pid";
- SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+ SystemCallFilter = [ "@system-service" "~@privileged" ];
 RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
 RestrictRealtime = true;
 RestrictNamespaces = true;
--
cgit 1.4.1
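Review bot: The new `SystemCallFilter` line drops `~@resources` with no comment saying which call the service needed, and the commit subject gives no reason either, so a later hardening pass cannot tell whether the wider filter is deliberate. With that group no longer denied, the unit may again use the resource-control calls systemd groups under `@resources` (rlimit, priority and scheduler settings); `RestrictRealtime = true` two lines below still covers realtime scheduling. I would add a comment above the line such as `# @resources stays allowed: geoipupdate needs <syscall> (see <issue link>)`, and if only one call is required, consider keeping `~@resources` and re-allowing just that call. The enclosing attribute set starts and ends outside the hunk, so other directives that interact with the filter are not visible here.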