nixos/nats: set proper SystemCallFilter

author: MidAutumnMoon <me@418.im> 2022-10-25 16:47:46 +0800
committer: MidAutumnMoon <me@418.im> 2022-10-25 16:47:46 +0800
commit: 9b8fd74d68fca9eace442379fc74b80bbab894c1 (patch)
tree: e8d4640fb9eac6859a472cf1078d1d49b47df8ce /nixos/modules/services/networking
parent: afb8d0e5a62c6018c4cd3545c76e672cec6ccabb (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/nats.nix b/nixos/modules/services/networking/nats.nix
index dd732d2a9fca4..6c21e21b5cb88 100644
--- a/nixos/modules/services/networking/nats.nix
+++ b/nixos/modules/services/networking/nats.nix
@@ -137,7 +137,7 @@ in {
           RestrictNamespaces = true;
           RestrictRealtime = true;
           RestrictSUIDSGID = true;
-          SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+          SystemCallFilter = [ "@system-service" "~@privileged" ];
           UMask = "0077";
         }
       ];
author	MidAutumnMoon <me@418.im>	2022-10-25 16:47:46 +0800
committer	MidAutumnMoon <me@418.im>	2022-10-25 16:47:46 +0800
commit	9b8fd74d68fca9eace442379fc74b80bbab894c1 (patch)
tree	e8d4640fb9eac6859a472cf1078d1d49b47df8ce /nixos/modules/services/networking
parent	afb8d0e5a62c6018c4cd3545c76e672cec6ccabb (diff)