Merge pull request #121865 from mweinelt/home-assistant

1 files changed, 3 insertions, 2 deletions

diff --git a/nixos/modules/services/misc/home-assistant.nix b/nixos/modules/services/misc/home-assistant.nix
index 1985f1308811..1e33381de24c 100644
--- a/nixos/modules/services/misc/home-assistant.nix
+++ b/nixos/modules/services/misc/home-assistant.nix
@@ -298,7 +298,7 @@ in {
         ProtectKernelModules = true;
         ProtectKernelTunables = true;
         ProtectProc = "invisible";
-        ProcSubset = "pid";
+        ProcSubset = "all";
         ProtectSystem = "strict";
         RemoveIPC = true;
         ReadWritePaths = let
@@ -308,9 +308,10 @@ in {
           allowPaths = if isList value then value else singleton value;
         in [ "${cfg.configDir}" ] ++ allowPaths;
         RestrictAddressFamilies = [
-          "AF_UNIX"
           "AF_INET"
           "AF_INET6"
+          "AF_NETLINK"
+          "AF_UNIX"
         ] ++ optionals (useComponent "bluetooth_tracker" || useComponent "bluetooth_le_tracker") [
           "AF_BLUETOOTH"
         ];