diff options
| author | Luke Granger-Brown <git@lukegb.com> | 2022-09-06 09:36:23 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-09-06 09:36:23 +0100 |
| commit | 8157e3d89fb052c32937c91f27d9c6aaa46bd3ac (patch) | |
| tree | f0e6405128fd0d01af1678fbd39039605946802f /nixos | |
| parent | 3b987a45a472f104021bb9ea5a7503755edcf276 (diff) | |
| parent | bfe73f95430a71daf1d2fdf1ae6832f2a4db0f35 (diff) | |
| download | nixlib-8157e3d89fb052c32937c91f27d9c6aaa46bd3ac.tar nixlib-8157e3d89fb052c32937c91f27d9c6aaa46bd3ac.tar.gz nixlib-8157e3d89fb052c32937c91f27d9c6aaa46bd3ac.tar.bz2 nixlib-8157e3d89fb052c32937c91f27d9c6aaa46bd3ac.tar.lz nixlib-8157e3d89fb052c32937c91f27d9c6aaa46bd3ac.tar.xz nixlib-8157e3d89fb052c32937c91f27d9c6aaa46bd3ac.tar.zst nixlib-8157e3d89fb052c32937c91f27d9c6aaa46bd3ac.zip | |
Merge pull request #189934 from delroth/grafana-sandboxing
nixos/grafana: loosen systemd syscall sandboxing
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/monitoring/grafana.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/monitoring/grafana.nix b/nixos/modules/services/monitoring/grafana.nix index d72aaf0464ed..dd99fa3ddccd 100644 --- a/nixos/modules/services/monitoring/grafana.nix +++ b/nixos/modules/services/monitoring/grafana.nix @@ -792,7 +792,7 @@ in { SystemCallArchitectures = "native"; # Upstream grafana is not setting SystemCallFilter for compatibility # reasons, see https://github.com/grafana/grafana/pull/40176 - SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; + SystemCallFilter = [ "@system-service" "~@privileged" ]; UMask = "0027"; }; preStart = '' |