fix(nixos): allow @file-system syscalls

Otherwise ld-linux.so will get SIGSYS-ed, since we create a TemporaryFileSystem and mount everything readonly anyway, this is not really too terrible to allow.
author: sternenseemann <sternenseemann@systemli.org> 2022-02-21 14:37:32 +0100
committer: sternenseemann <sternenseemann@systemli.org> 2022-02-21 14:37:32 +0100
commit: f0fbd422fe1524385137d075562fb81159787952 (patch)
tree: de93751fb6b5758f088093e9c2a8e79ce58e1891
parent: 92416cdfb2c75e6c3e3762c680fc1b57c6e31ad0 (diff)
1 files changed, 2 insertions, 5 deletions
diff --git a/nixos/flipdot-gschichtler.nix b/nixos/flipdot-gschichtler.nix
index bf6797e..a3b94dd 100644
--- a/nixos/flipdot-gschichtler.nix
+++ b/nixos/flipdot-gschichtler.nix
@@ -103,11 +103,8 @@ in {
           "@timer"
           "brk"
           "mmap" "munmap" "mprotect"
-          "open" "openat"
-          "close"
-          "fstat" "stat"
-          "access"
-          ];
+          "@file-system"
+        ];
         SystemCallArchitectures = "native";
 
         CapabilityBoundingSet = "";
author	sternenseemann <sternenseemann@systemli.org>	2022-02-21 14:37:32 +0100
committer	sternenseemann <sternenseemann@systemli.org>	2022-02-21 14:37:32 +0100
commit	f0fbd422fe1524385137d075562fb81159787952 (patch)
tree	de93751fb6b5758f088093e9c2a8e79ce58e1891
parent	92416cdfb2c75e6c3e3762c680fc1b57c6e31ad0 (diff)