nixos/nginx: tengine requires allowing @ipc calls

2021-11-23 01:28:43 +03:00 · 2021-11-23 01:28:43 +03:00 · 7376f4e34f
commit 7376f4e34f
parent 78546bbbc5
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@ -907,7 +907,7 @@ in
        PrivateMounts = true;
        # System Call Filtering
        SystemCallArchitectures = "native";
-        SystemCallFilter = "~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid @mincore";
+        SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @setuid @mincore" ] ++ optionals (cfg.package != pkgs.tengine) [ "~@ipc" ];
      };
    };