ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2025-01-05 02:23:07 +03:00
Code Issues Projects Releases Wiki Activity

nixos/prometheus: fix startup w/hardened service

Browse Source 
See the discussion below the original PR[1] and #197443 for more
context.

I guess I missed that upon review because the branch was too old and I
cherry-picked the commit onto my deployment branch which is based on
22.05. Sorry for that!

[1] https://github.com/NixOS/nixpkgs/pull/162784#issuecomment-1306848036
This commit is contained in:
Maximilian Bosch 2022-11-08 17:46:35 +01:00
parent 6b572437c0
commit dcb32beda0
No known key found for this signature in database
GPG Key ID: 9A6EEA275CA5BE0A
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/monitoring/prometheus/default.nix
View File

@ -1822,7 +1822,7 @@ in
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
SystemCallFilter = [ "@system-service" "~@privileged" ];
};
};
# prometheus-config-reload will activate after prometheus. However, what we