nixos/home-assistant: allow capset with components using ping command

This commit is contained in:
Martin Weinelt 2022-01-25 18:29:16 +01:00
parent a6e45b0893
commit d4061dcc6e
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759

View File

@ -278,6 +278,11 @@ in {
"bluetooth_tracker"
"bluetooth_le_tracker"
];
componentsUsingPing = [
# Components that require the capset syscall for the ping wrapper
"ping"
"wake_on_lan"
];
componentsUsingSerialDevices = [
# Components that require access to serial devices (/dev/tty*)
# List generated from home-assistant documentation:
@ -382,6 +387,8 @@ in {
SystemCallFilter = [
"@system-service"
"~@privileged"
] ++ optionals (any useComponent componentsUsingPing) [
"capset"
];
UMask = "0077";
};