nixos/botamusique: allow syscalls in the @resources group

Calls to ffmpeg from botamusique require the `set_mempolicy` syscall. Fixes: #205702
2022-12-12 15:36:58 +01:00 · 2022-12-12 15:36:58 +01:00 · d6f4f4584a
commit d6f4f4584a
parent 72ce854d2e
1 changed files with 1 additions and 2 deletions
--- a/nixos/modules/services/audio/botamusique.nix
+++ b/nixos/modules/services/audio/botamusique.nix
@ -103,9 +103,8 @@ in
        StateDirectory = "botamusique";
        SystemCallArchitectures = "native";
        SystemCallFilter = [
-          "@system-service"
+          "@system-service @resources"
          "~@privileged"
-          "~@resources"
        ];
        UMask = "0077";
        WorkingDirectory = "/var/lib/botamusique";