nixos/nats: set proper SystemCallFilter

This commit is contained in:
MidAutumnMoon 2022-10-25 16:47:46 +08:00
parent afb8d0e5a6
commit 9b8fd74d68
No known key found for this signature in database
GPG Key ID: 3B9D690FD7E4664A

View File

@ -137,7 +137,7 @@ in {
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
SystemCallFilter = [ "@system-service" "~@privileged" ];
UMask = "0077";
}
];