stuff

2025-05-10 23:21:34 -07:00
parent 2d14e9b8e3
commit 1a02597ca0
1 changed files with 2 additions and 1 deletions
--- a/nixos-modules/genieacs.nix
+++ b/nixos-modules/genieacs.nix
@@ -275,7 +275,8 @@ in
          DeviceAllow = "";
          ProtectSystem = "strict";
          LockPersonality = true;
-          MemoryDenyWriteExecute = true;
+          # it's nodejs, which has a JIT, so it needs write-execute memory
+          # MemoryDenyWriteExecute = true;
          NoNewPrivileges = true;
          PrivateDevices = true;
          PrivateMounts = true;