From 53651179b922485330a96a13cacfe7d08ec0938b Mon Sep 17 00:00:00 2001 From: Izorkin Date: Tue, 4 May 2021 23:13:51 +0300 Subject: [PATCH] nixos/netdata: update capabilities --- nixos/modules/services/monitoring/netdata.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix index a6ecc2a566ca..c2ee1c0df7f1 100644 --- a/nixos/modules/services/monitoring/netdata.nix +++ b/nixos/modules/services/monitoring/netdata.nix @@ -183,6 +183,9 @@ in { ConfigurationDirectory = "netdata"; ConfigurationDirectoryMode = "0755"; # Capabilities + AmbientCapabilities = [ + "CAP_SETUID" # is required for cgroups and cgroups-network plugins + ]; CapabilityBoundingSet = [ "CAP_DAC_OVERRIDE" # is required for freeipmi and slabinfo plugins "CAP_DAC_READ_SEARCH" # is required for apps plugin @@ -192,6 +195,8 @@ in { "CAP_SYS_PTRACE" # is required for apps plugin "CAP_SYS_RESOURCE" # is required for ebpf plugin "CAP_NET_RAW" # is required for fping app + "CAP_SYS_CHROOT" # is required for cgroups plugin + "CAP_SETUID" # is required for cgroups and cgroups-network plugins ]; # Sandboxing ProtectSystem = "full";