From bd8413e8e1d6b698186c4b8cd428110e71b5b463 Mon Sep 17 00:00:00 2001
From: MidAutumnMoon
Date: Tue, 25 Oct 2022 15:41:54 +0800
Subject: [PATCH] nixos/snowflake-proxy: set proper SystemCallFilter
---
 nixos/modules/services/networking/snowflake-proxy.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/services/networking/snowflake-proxy.nix b/nixos/modules/services/networking/snowflake-proxy.nix
index 7299db7a53e8..ca015ed9d44b 100644
--- a/nixos/modules/services/networking/snowflake-proxy.nix
+++ b/nixos/modules/services/networking/snowflake-proxy.nix
@@ -71,7 +71,7 @@ in
 RestrictNamespaces = true;
 RestrictRealtime = true;
 SystemCallArchitectures = "native";
- SystemCallFilter = "~@clock @cpu-emulation @debug @mount @obsolete @reboot @swap @privileged @resources";
+ SystemCallFilter = [ "@system-service" "~@privileged" ];
 UMask = "0077";
 };
 };
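Review bot: The new `SystemCallFilter` line no longer denies `@resources`, which the removed deny-list rejected explicitly: `@system-service` includes that group and `~@privileged` does not subtract it, so calls such as `setrlimit` and `sched_setaffinity` become permitted. The commit message gives no reason, so if this is deliberate (for example because the proxy's runtime needs one of those calls) record it next to the setting, e.g. `# @resources stays allowed: <reason>`; otherwise append `"~@resources"` to the list. Apart from that group the move from a deny-list to an allow-list looks like a tightening, and it is worth confirming with `systemd-analyze syscall-filter @system-service` plus a start of the unit, because no `SystemCallErrorNumber` is visible in this hunk and a filtered call would then terminate the process rather than return an error. The enclosing attribute set starts above the hunk, so settings outside these lines are not covered by this note.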