about summary refs log tree commit diff
path: root/nixos/modules/services/audio
diff options
context:
space:
mode:
authorMidAutumnMoon <me@418.im>2022-10-24 11:02:42 +0800
committerzowoq <59103226+zowoq@users.noreply.github.com>2022-10-24 22:21:59 +1000
commit0ce08acdce4bc021f8dba9ed035cf7d1426dac86 (patch)
tree30ba516ea92fc2eecc0789029f5a8bae1d5a4fde /nixos/modules/services/audio
parent7415970a3e853ba153c4e8147147751d15e7ea98 (diff)
downloadnixlib-0ce08acdce4bc021f8dba9ed035cf7d1426dac86.tar
nixlib-0ce08acdce4bc021f8dba9ed035cf7d1426dac86.tar.gz
nixlib-0ce08acdce4bc021f8dba9ed035cf7d1426dac86.tar.bz2
nixlib-0ce08acdce4bc021f8dba9ed035cf7d1426dac86.tar.lz
nixlib-0ce08acdce4bc021f8dba9ed035cf7d1426dac86.tar.xz
nixlib-0ce08acdce4bc021f8dba9ed035cf7d1426dac86.tar.zst
nixlib-0ce08acdce4bc021f8dba9ed035cf7d1426dac86.zip
nixos/navidrome: set proper SystemCallFilter
Diffstat (limited to 'nixos/modules/services/audio')
-rw-r--r--nixos/modules/services/audio/navidrome.nix2


1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/audio/navidrome.nix b/nixos/modules/services/audio/navidrome.nix
index d74835e220f7..e73828081d4b 100644
--- a/nixos/modules/services/audio/navidrome.nix
+++ b/nixos/modules/services/audio/navidrome.nix
@@ -62,7 +62,7 @@ in {
         ProtectKernelModules = true;
         ProtectKernelTunables = true;
         SystemCallArchitectures = "native";
-        SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+        SystemCallFilter = [ "@system-service" "~@privileged" ];
         RestrictRealtime = true;
         LockPersonality = true;
         MemoryDenyWriteExecute = true;

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-14 08:51:35 +0000