diff options
| author | Alyssa Ross <hi@alyssa.is> | 2023-08-25 18:28:47 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-08-26 09:07:38 +0000 |
| commit | 2189c4ecce070aa8b301858c43af5facd75dc50d (patch) | |
| tree | 754980dde46166a96bf950a9c98a9bf6996baed7 /modules/server/spectrum/spectrumbot | |
| parent | c510a1270e6241cc22bafaa84b4d1e6ffb66bb6d (diff) | |
| download | nixlib-2189c4ecce070aa8b301858c43af5facd75dc50d.tar nixlib-2189c4ecce070aa8b301858c43af5facd75dc50d.tar.gz nixlib-2189c4ecce070aa8b301858c43af5facd75dc50d.tar.bz2 nixlib-2189c4ecce070aa8b301858c43af5facd75dc50d.tar.lz nixlib-2189c4ecce070aa8b301858c43af5facd75dc50d.tar.xz nixlib-2189c4ecce070aa8b301858c43af5facd75dc50d.tar.zst nixlib-2189c4ecce070aa8b301858c43af5facd75dc50d.zip | |
modules/spectrum/irccat: fix SystemCallFilter
The set of syscalls it uses appears to have changed in an update. @system-service is supposed to be "a reasonable set of system calls used by common system services, excluding any special purpose calls.", which sounds good enough.
Diffstat (limited to 'modules/server/spectrum/spectrumbot')
| -rw-r--r-- | modules/server/spectrum/spectrumbot/irccat/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/server/spectrum/spectrumbot/irccat/default.nix b/modules/server/spectrum/spectrumbot/irccat/default.nix index 0f5352c761a4..f4efd3828703 100644 --- a/modules/server/spectrum/spectrumbot/irccat/default.nix +++ b/modules/server/spectrum/spectrumbot/irccat/default.nix @@ -47,7 +47,7 @@ serviceConfig.RestrictNamespaces = true; serviceConfig.RestrictRealtime = true; serviceConfig.SystemCallArchitectures = "native"; - serviceConfig.SystemCallFilter = "~@clock @cpu-emulation @debug @module @mount @obsolete @privileged @raw-io @reboot @resources @swap"; + serviceConfig.SystemCallFilter = [ "@system-service" "~@privileged" ]; serviceConfig.UMask = "0077"; }; } |