mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-21 20:49:52 +03:00
nixos/paperless: add required syscall
`unpaper` requires syscall 238 (`set_mempolicy`). Add this by un-blocking the systemd syscall filter set `@resources` which is safe in the context of paperless.
This commit is contained in:
parent
57e15d64c3
commit
ecacff35a6
@ -80,7 +80,7 @@ let
|
|||||||
RestrictSUIDSGID = true;
|
RestrictSUIDSGID = true;
|
||||||
SupplementaryGroups = optional enableRedis redisServer.user;
|
SupplementaryGroups = optional enableRedis redisServer.user;
|
||||||
SystemCallArchitectures = "native";
|
SystemCallArchitectures = "native";
|
||||||
SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ];
|
SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
|
||||||
# Does not work well with the temporary root
|
# Does not work well with the temporary root
|
||||||
#UMask = "0066";
|
#UMask = "0066";
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user