Merge pull request #249323 from kevincox/photoprism-chmod

nixos.photoprism: Relax sandbox to allow running exiftool
This commit is contained in:
Felix Bühler 2023-08-17 21:01:40 +02:00 committed by GitHub
commit 96481fd201
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -123,7 +123,7 @@ in
RestrictNamespaces = true; RestrictNamespaces = true;
RestrictRealtime = true; RestrictRealtime = true;
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; SystemCallFilter = [ "@system-service" "~@setuid @keyring" ];
UMask = "0066"; UMask = "0066";
} // lib.optionalAttrs (cfg.port < 1024) { } // lib.optionalAttrs (cfg.port < 1024) {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];