diff options
| author | Izorkin <izorkin@elven.pw> | 2023-01-15 23:46:22 +0300 |
|---|---|---|
| committer | Austin Seipp <aseipp@pobox.com> | 2023-01-31 10:08:32 -0600 |
| commit | 59dbe319cec232cf2604fa2ca8f018a05a0eb88a (patch) | |
| tree | 309808422b30f65b8339d28719eff27171a980be /nixos | |
| parent | 239a93f205ee51368fe3e42f3cdeae705a69bfa8 (diff) | |
nixos/gitea: update SystemCallFilter
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/networking/ntp/chrony.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/ntp/chrony.nix b/nixos/modules/services/networking/ntp/chrony.nix index 69f0b36bf2a2..6c8d7b985d5f 100644 --- a/nixos/modules/services/networking/ntp/chrony.nix +++ b/nixos/modules/services/networking/ntp/chrony.nix @@ -203,7 +203,7 @@ in PrivateMounts = true; # System Call Filtering SystemCallArchitectures = "native"; - SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources" "@clock" "@setuid" "capset" "chown" ]; + SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources" "@clock" "@setuid" "capset" "chown" ] ++ lib.optional pkgs.stdenv.hostPlatform.isAarch64 "fchownat"; }; }; }; |