colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/snowflake-proxy: set proper SystemCallFilter

Browse Source
This commit is contained in:
MidAutumnMoon 2022-10-25 15:41:54 +08:00
parent 8e22463268
commit bd8413e8e1
No known key found for this signature in database
GPG Key ID: 3B9D690FD7E4664A
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/networking/snowflake-proxy.nix
View File

@ -71,7 +71,7 @@ in
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @mount @obsolete @reboot @swap @privileged @resources";
SystemCallFilter = [ "@system-service" "~@privileged" ];
UMask = "0077";
};
};