nixos/snapserver: add AF_NETLINK to allowed address families

This is necessary for Librespot, which is spawned by snapserver in the same cgroup. Librespot requires querying local ip links and addresses for MDNS (Zeroconf/Avahi), and does so through NETLINK interface.
2020-09-27 20:54:04 +02:00 · 2020-09-27 20:54:04 +02:00 · 255882fbcc
commit 255882fbcc
parent a36cc03d96
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/audio/snapserver.nix
+++ b/nixos/modules/services/audio/snapserver.nix
@ -286,7 +286,7 @@ in {
        ProtectKernelTunables = true;
        ProtectControlGroups = true;
        ProtectKernelModules = true;
-        RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
+        RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
        RestrictNamespaces = true;
        RuntimeDirectory = name;
        StateDirectory = name;