cluster/services/attic: enable @resources syscall group

2024-11-10 04:15:28 +01:00 · 2024-11-10 04:15:28 +01:00 · 886ddd9a1a
commit 886ddd9a1a
parent 15af41e3c4
1 changed files with 1 additions and 0 deletions
--- a/cluster/services/attic/server.nix
+++ b/cluster/services/attic/server.nix
@ -65,6 +65,7 @@ in
    serviceConfig = {
      DynamicUser = lib.mkForce false;
      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ];
+      SystemCallFilter = lib.mkAfter [ "@resources" ];
    };
    environment = {
      AWS_SHARED_CREDENTIALS_FILE = "/run/locksmith/garage-attic";