cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #292473 from networkException/fix-synapse-unix-socket-permissions

Browse source 
nixos/matrix-synapse: allow synapse to write to directories of unix socket paths
This commit is contained in:
Maximilian Bosch 2024-03-15 18:53:04 +00:00 committed by GitHub
commit 0d17fd9524
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nixos/modules/services/matrix/synapse.nix
View file

@ -1232,7 +1232,8 @@ in {
ProtectKernelTunables = true; ProtectKernelTunables = true;
ProtectProc = "invisible"; ProtectProc = "invisible";
ProtectSystem = "strict"; ProtectSystem = "strict";
ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ]; ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ] ++
(map (listener: dirOf listener.path) (filter (listener: listener.path != null) cfg.settings.listeners));
RemoveIPC = true; RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true; RestrictNamespaces = true;