diff options
author | Erik Arvstedt <erik.arvstedt@gmail.com> | 2022-09-22 08:14:21 +0200 |
---|---|---|
committer | Erik Arvstedt <erik.arvstedt@gmail.com> | 2022-09-22 08:14:21 +0200 |
commit | ecacff35a6803be8ec93a261cf9836ccd26012aa (patch) | |
tree | 5dbe0bc6422ac26d9c00211aadd61a568c245902 /nixos/modules/services/misc/paperless.nix | |
parent | 57e15d64c3f675301cfee9fe4e87726691d8c94e (diff) |
nixos/paperless: add required syscall
`unpaper` requires syscall 238 (`set_mempolicy`). Add this by un-blocking the systemd syscall filter set `@resources` which is safe in the context of paperless.
Diffstat (limited to 'nixos/modules/services/misc/paperless.nix')
-rw-r--r-- | nixos/modules/services/misc/paperless.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix index e11158f8a12b9..6a98d5cb686d3 100644 --- a/nixos/modules/services/misc/paperless.nix +++ b/nixos/modules/services/misc/paperless.nix @@ -80,7 +80,7 @@ let RestrictSUIDSGID = true; SupplementaryGroups = optional enableRedis redisServer.user; SystemCallArchitectures = "native"; - SystemCallFilter = [ "@system-service" "~@privileged @resources @setuid @keyring" ]; + SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ]; # Does not work well with the temporary root #UMask = "0066"; }; |