b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/paperless: add required syscall

Browse source 
`unpaper` requires syscall 238 (`set_mempolicy`).
Add this by un-blocking the systemd syscall filter set `@resources`
which is safe in the context of paperless.
This commit is contained in:
Erik Arvstedt 2022-09-22 08:14:21 +02:00
parent 57e15d64c3
commit ecacff35a6
No known key found for this signature in database
GPG key ID: 33312B944DD97846
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/services/misc/paperless.nix
View file

@ -80,7 +80,7 @@ let
RestrictSUIDSGID = true;
SupplementaryGroups = optional enableRedis redisServer.user;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
# Does not work well with the temporary root
#UMask = "0066";
};