We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 1648fec commit 65664d6Copy full SHA for 65664d6
nixos/modules/services/misc/gotenberg.nix
@@ -228,7 +228,6 @@ in
228
ProtectKernelModules = true;
229
ProtectKernelTunables = true;
230
ProtectProc = "invisible";
231
- ProcSubset = "pid";
232
233
RestrictAddressFamilies = [
234
"AF_UNIX"
@@ -240,11 +239,10 @@ in
240
239
RestrictRealtime = true;
241
242
LockPersonality = true;
243
- MemoryDenyWriteExecute = true;
244
245
SystemCallFilter = [
+ "@sandbox"
246
"@system-service"
247
- "~@privileged"
248
];
249
SystemCallArchitectures = "native";
250
0 commit comments