diff options
| author | Jakub OkoĊski <jakub@okonski.org> | 2022-09-18 23:17:50 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-18 23:17:50 +0200 |
| commit | 1655d5ab7a7a259f53393a369459ff533fcce9e6 (patch) | |
| tree | b2883c21aea411a8eb620422feaae1674432fed6 /nixos | |
| parent | 165abe7d7337353c2a692b39add7c1da055ecd87 (diff) | |
| download | nixlib-1655d5ab7a7a259f53393a369459ff533fcce9e6.tar nixlib-1655d5ab7a7a259f53393a369459ff533fcce9e6.tar.gz nixlib-1655d5ab7a7a259f53393a369459ff533fcce9e6.tar.bz2 nixlib-1655d5ab7a7a259f53393a369459ff533fcce9e6.tar.lz nixlib-1655d5ab7a7a259f53393a369459ff533fcce9e6.tar.xz nixlib-1655d5ab7a7a259f53393a369459ff533fcce9e6.tar.zst nixlib-1655d5ab7a7a259f53393a369459ff533fcce9e6.zip | |
nixos/rust-motd: fix systemd service checks
By completely locking down RestrictAddressFamilies, the service was unable to talk to systemd to check .service statuses.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/programs/rust-motd.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/programs/rust-motd.nix b/nixos/modules/programs/rust-motd.nix index f89b5e038387..d5f1820ba752 100644 --- a/nixos/modules/programs/rust-motd.nix +++ b/nixos/modules/programs/rust-motd.nix @@ -69,7 +69,7 @@ in { ProtectKernelTunables = true; ProtectSystem = "full"; StateDirectory = "rust-motd"; - RestrictAddressFamilies = "none"; + RestrictAddressFamilies = [ "AF_UNIX" ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; |