nixos/nats: set proper SystemCallFilter
This commit is contained in:
parent
afb8d0e5a6
commit
9b8fd74d68
@ -137,7 +137,7 @@ in {
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
|
||||
SystemCallFilter = [ "@system-service" "~@privileged" ];
|
||||
UMask = "0077";
|
||||
}
|
||||
];
|
||||
|
Loading…
Reference in New Issue
Block a user