nixos/mastodon/streaming: add '@memlock' SystemCallFilter

2021-05-12 11:41:11 +03:00 · 2021-05-12 11:41:11 +03:00 · a71576b07b
commit a71576b07b
parent 91e510ae22
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixos/modules/services/web-apps/mastodon.nix
@ -521,7 +521,7 @@ in {
        RuntimeDirectory = "mastodon-streaming";
        RuntimeDirectoryMode = "0750";
        # System Call Filtering
-        SystemCallFilter = [ ("~" + lib.concatStringsSep " " (systemCallsList ++ [ "@resources" ])) "pipe" "pipe2" ];
+        SystemCallFilter = [ ("~" + lib.concatStringsSep " " (systemCallsList ++ [ "@memlock" "@resources" ])) "pipe" "pipe2" ];
      } // cfgService;
    };