diff options
author | Alexandre Macabies <web+oss@zopieux.com> | 2020-09-27 20:54:04 +0200 |
---|---|---|
committer | Alexandre Macabies <web+oss@zopieux.com> | 2021-02-05 19:23:25 +0100 |
commit | 255882fbcc64a9c210d5b1bba78a0ddba7ed352d (patch) | |
tree | a7a55e8f09e237ac6f4e331030df316588e76135 /nixos/modules | |
parent | a36cc03d96594526565ce06a0b6db14286fe88ae (diff) |
nixos/snapserver: add AF_NETLINK to allowed address families
This is necessary for Librespot, which is spawned by snapserver in the same cgroup. Librespot requires querying local ip links and addresses for MDNS (Zeroconf/Avahi), and does so through NETLINK interface.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/audio/snapserver.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/audio/snapserver.nix b/nixos/modules/services/audio/snapserver.nix index b207fd30e222e..0acaccfd3ca9c 100644 --- a/nixos/modules/services/audio/snapserver.nix +++ b/nixos/modules/services/audio/snapserver.nix @@ -286,7 +286,7 @@ in { ProtectKernelTunables = true; ProtectControlGroups = true; ProtectKernelModules = true; - RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX"; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; RestrictNamespaces = true; RuntimeDirectory = name; StateDirectory = name; |