cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

nixos/paperless: Allow mbind syscall in paperless-web.services

Browse source 
After uploading a document through the webinterface I started seeing
it killed through the SYSBUS signal. Inspecting the call trace led me to
liblapack's memory allocator, that uses the mbind syscall on Linux.
This commit is contained in:
Martin Weinelt 2022-09-04 13:46:35 +02:00
parent 8da59ca2a2
commit 94f00041f0
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
nixos/modules/services/misc/paperless.nix
View file

@ -287,8 +287,8 @@ in
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE"; CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
# gunicorn needs setuid # gunicorn needs setuid, liblapack needs mbind
SystemCallFilter = defaultServiceConfig.SystemCallFilter ++ [ "@setuid" ]; SystemCallFilter = defaultServiceConfig.SystemCallFilter ++ [ "@setuid mbind" ];
# Needs to serve web page # Needs to serve web page
PrivateNetwork = false; PrivateNetwork = false;
}; };