colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

servo: lemmy/lemmy-ui: harden the service with a syscall filter

Browse Source
This commit is contained in:
Colin
2024-07-29 02:19:02 +00:00
parent 0fae963d90
commit 2c707c3acd
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/by-name/servo/services/lemmy.nix
View File

@@ -132,7 +132,7 @@ in {
serviceConfig.RestrictNamespaces = true; serviceConfig.RestrictNamespaces = true;
serviceConfig.RestrictSUIDSGID = true; serviceConfig.RestrictSUIDSGID = true;
serviceConfig.SystemCallArchitectures = "native"; serviceConfig.SystemCallArchitectures = "native";
# serviceConfig.SystemCallFilter = [ "@system-service" ]; #< TODO: this crashes; it needs more serviceConfig.SystemCallFilter = [ "@system-service" "@pkey" "@sandbox" ];
}; };
#v DO NOT REMOVE: defaults to 0.3, instead of latest, so always need to explicitly set this. #v DO NOT REMOVE: defaults to 0.3, instead of latest, so always need to explicitly set this.