nixos/navidrome: set proper SystemCallFilter

2022-10-24 11:02:42 +08:00 · 2022-10-24 11:02:42 +08:00 · 0ce08acdce
parent 7415970a3e
commit 0ce08acdce
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/audio/navidrome.nix
+++ b/nixos/modules/services/audio/navidrome.nix
@ -62,7 +62,7 @@ in {
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        SystemCallArchitectures = "native";
-        SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+        SystemCallFilter = [ "@system-service" "~@privileged" ];
        RestrictRealtime = true;
        LockPersonality = true;
        MemoryDenyWriteExecute = true;