From 050b7eec1688c2c4cd3391aa673bed9398d3bf9f Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Mon, 15 Aug 2016 20:01:12 +0200
Subject: grsecurity module: systemd-nspawn requires cap_sys_admin

As with 9ca3504a798291fbd7c49fcfeec8b64daa2022ad

Closes https://github.com/NixOS/nixpkgs/issues/17714
---
 nixos/modules/security/grsecurity.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index 5eb88917dd56..9a2f62a14889 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -125,6 +125,7 @@ in
       "kernel.grsecurity.chroot_deny_chmod" = mkForce 0;
       "kernel.grsecurity.chroot_deny_mount" = mkForce 0;
       "kernel.grsecurity.chroot_restrict_nice" = mkForce 0;
+      "kernel.grsecurity.chroot_caps" = mkForce 0;
     };
 
     assertions = [
-- 
cgit 1.4.1