cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

nixos/prometheus-smartctl: set proper SystemCallFilter

Browse source
This commit is contained in:
MidAutumnMoon 2022-10-25 16:47:09 +08:00
parent f4342c11e5
commit afb8d0e5a6
No known key found for this signature in database
GPG key ID: 3B9D690FD7E4664A
1 changed files with 1 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
nixos/modules/services/monitoring/prometheus/exporters/smartctl.nix
View file

@ -66,10 +66,7 @@ in {
ProtectProc = "invisible"; ProtectProc = "invisible";
ProcSubset = "pid"; ProcSubset = "pid";
SupplementaryGroups = [ "disk" ]; SupplementaryGroups = [ "disk" ];
SystemCallFilter = [ SystemCallFilter = [ "@system-service" "~@privileged" ];
"@system-service"
"~@privileged @resources"
];
}; };
}; };
} }