robin/palantir
1
0
Fork 0
mirror of https://codeberg.org/icewind/palantir.git synced 2026-06-03 18:24:08 +02:00
Code Issues Projects Releases Wiki Activity

fix zfs in flake

Browse source
This commit is contained in:
Robin Appelman 2022-08-20 21:45:27 +02:00
commit 4e0095e7f4
2 changed files with 11 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

3
flake.nix
View file

@ -121,7 +121,7 @@
ProtectSystem = "strict";
ProtectHome = true;
NoNewPrivileges = true;
ProtectClock = true;
ProtectClock = !cfg.zfs; # Enabling this breaks libzfs
CapabilityBoundingSet = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
@ -132,7 +132,6 @@
ProtectHostname = true;
LockPersonality = true;
ProtectKernelTunables = true;
DevicePolicy = "closed";
RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_NETLINK"] ++ lib.optional cfg.docker "AF_UNIX"; # netlink is required to make `getifaddrs` not err
RestrictRealtime = true;
SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];