nixos/opendkim: Fix CapabilityBoundingSet option

An empty list results in no CapabilityBoundingSet at all, an empty string however will set `CapabilityBoundingSet=`, which represents a closed set. Related: #120617
author: Martin Weinelt <hexa@darmstadt.ccc.de> 2021-04-25 20:24:07 +0200
committer: Martin Weinelt <hexa@darmstadt.ccc.de> 2021-04-25 20:24:39 +0200
commit: 3a9609613d1c98d03ec8fe3235a6aff3d3d2da21 (patch)
tree: 228b7fc819f5ce1412eaf9661e4b409437e552ed
parent: 6af7bcbd9324a12624dad9a799898e68d2e5d092 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/mail/opendkim.nix b/nixos/modules/services/mail/opendkim.nix
index 9bf6f338d93ed..beff57613afc5 100644
--- a/nixos/modules/services/mail/opendkim.nix
+++ b/nixos/modules/services/mail/opendkim.nix
@@ -134,7 +134,7 @@ in {
         ReadWritePaths = [ cfg.keyPath ];
 
         AmbientCapabilities = [];
-        CapabilityBoundingSet = [];
+        CapabilityBoundingSet = "";
         DevicePolicy = "closed";
         LockPersonality = true;
         MemoryDenyWriteExecute = true;
author	Martin Weinelt <hexa@darmstadt.ccc.de>	2021-04-25 20:24:07 +0200
committer	Martin Weinelt <hexa@darmstadt.ccc.de>	2021-04-25 20:24:39 +0200
commit	3a9609613d1c98d03ec8fe3235a6aff3d3d2da21 (patch)
tree	228b7fc819f5ce1412eaf9661e4b409437e552ed
parent	6af7bcbd9324a12624dad9a799898e68d2e5d092 (diff)