lorri.service: remove ProtectHome, relax ProtectSystem
per lorri's readme: lorri creates an indirect garbage collection root for each .drv in $XDG_CACHE_HOME/lorri (~/.cache/lorri/ by default) each time it evaluates your project. ... so it doesn't make sense to have ProtectHome enabled for lorri.service. lorri also needs to be able to modify /nix/var/nix/gcroots/per-user/, so ProtectSystem can't be 'strict'; 'full' is the next strongest. fixes: lorri: ERRO IO error binding to socket: Read-only file system (os error 30) bisecting this error leads to a range of unbuildable commits including 'a31429165204 Merge pull request #243242 from RaitoBezarius/systemd-254', so it's likely that systemd update changed the behaviour of ProtectHome somehow (though the release notes don't have any obvious culprits).
This commit is contained in:
parent
2c7f3c0fb7
commit
db64f7f737
@ -44,8 +44,7 @@ in {
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/lorri daemon";
|
||||
PrivateTmp = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = "read-only";
|
||||
ProtectSystem = "full";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user