Merge pull request #197657 from MidAutumnMoon/go-119-services-fix

2022-10-27 00:48:28 +02:00 · 2022-10-27 00:48:28 +02:00 · dc5fa53b83
commit dc5fa53b83
parent 6bcc077adf d3a95ce32c
3 changed files with 3 additions and 3 deletions
--- a/nixos/modules/services/mail/listmonk.nix
+++ b/nixos/modules/services/mail/listmonk.nix
@ -202,7 +202,7 @@ in {
        NoNewPrivileges = true;
        CapabilityBoundingSet = "";
        SystemCallArchitecture = "native";
-        SystemCallFilter = [ "@system-service" "~@privileged" "@resources" ];
+        SystemCallFilter = [ "@system-service" "~@privileged" ];
        ProtectDevices = true;
        ProtectControlGroups = true;
        ProtectKernelTunables = true;
--- a/nixos/modules/services/networking/croc.nix
+++ b/nixos/modules/services/networking/croc.nix
@ -72,7 +72,7 @@ in
        RuntimeDirectoryMode = "700";
        SystemCallFilter = [
          "@system-service"
-          "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@resources" "~@setuid" "~@sync" "~@timer"
+          "~@aio" "~@keyring" "~@memlock" "~@privileged" "~@setuid" "~@sync" "~@timer"
        ];
        SystemCallArchitectures = "native";
        SystemCallErrorNumber = "EPERM";
--- a/nixos/modules/services/web-apps/galene.nix
+++ b/nixos/modules/services/web-apps/galene.nix
@ -191,7 +191,7 @@ in
          RestrictRealtime = true;
          RestrictSUIDSGID = true;
          SystemCallArchitectures = "native";
-          SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+          SystemCallFilter = [ "@system-service" "~@privileged" ];
          UMask = "0077";
        }
      ];