nixos/galene: do not restrict AF_NETLINK

Built-in TURN server requires AF_NETLINK address family.
2023-08-18 13:43:46 +02:00 · 2023-08-18 13:43:46 +02:00 · 64a71aea98
parent 9310806eb6
commit 64a71aea98
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/web-apps/galene.nix
+++ b/nixos/modules/services/web-apps/galene.nix
@ -186,7 +186,7 @@ in
          ProtectSystem = "strict";
          ReadWritePaths = cfg.recordingsDir;
          RemoveIPC = true;
-          RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+          RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_NETLINK" ];
          RestrictNamespaces = true;
          RestrictRealtime = true;
          RestrictSUIDSGID = true;