From 64a71aea985b7116f9334e9ecf5f9cc83ed46fb7 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Fri, 18 Aug 2023 13:43:46 +0200
Subject: [PATCH] nixos/galene: do not restrict AF_NETLINK

Built-in TURN server requires AF_NETLINK address family.
---
 nixos/modules/services/web-apps/galene.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/web-apps/galene.nix b/nixos/modules/services/web-apps/galene.nix
index 747b85f94c65..81fed8a0b99a 100644
--- a/nixos/modules/services/web-apps/galene.nix
+++ b/nixos/modules/services/web-apps/galene.nix
@@ -186,7 +186,7 @@ in
 ProtectSystem = "strict";
 ReadWritePaths = cfg.recordingsDir;
 RemoveIPC = true;
- RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_NETLINK" ];
 RestrictNamespaces = true;
 RestrictRealtime = true;
 RestrictSUIDSGID = true;
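Review bot: The widened `RestrictAddressFamilies` line has no in-file explanation, so the reason for loosening the sandbox lives only in the commit message and a later hardening pass could remove `AF_NETLINK` again or overlook that it was added. I would put a comment directly above the line, for example `# AF_NETLINK is needed by Galene's built-in TURN server`. Allowing this family lets the service open netlink sockets to the kernel; that is presumably limited to read-only queries for an unprivileged unit, but the capability settings that would confirm it are not visible here because the serviceConfig block starts and ends outside the hunk. If the module has or gains a way to turn the built-in TURN server off, adding the family only in that case would keep the default sandbox as tight as before.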