nixos/endlessh-go: set proper SystemCallFilter

2022-10-24 10:46:56 +08:00 · 2022-10-24 10:46:56 +08:00 · 7415970a3e
commit 7415970a3e
parent db029623b7
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/security/endlessh-go.nix
+++ b/nixos/modules/services/security/endlessh-go.nix
@ -126,7 +126,7 @@ in
          RestrictRealtime = true;
          RestrictSUIDSGID = true;
          SystemCallArchitectures = "native";
-          SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
+          SystemCallFilter = [ "@system-service" "~@privileged" ];
        };
    };