author | Maximilian Bosch <maximilian@mbosch.me> | 2024-03-15 18:53:04 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-15 18:53:04 +0000 |
commit | 0d17fd9524aae7a96bc107b002c6c3781017e9c2 (patch) | |
tree | f77e00f92dcb362806336242a7148903d7127ba8 /nixos | |
parent | 164cc796f72c1055a9153383b31ff90f466d2423 (diff) | |
parent | 10fc05bfc1bb3713f37b730987d0a4c539b166c7 (diff) |
Merge pull request #292473 from networkException/fix-synapse-unix-socket-permissions
nixos/matrix-synapse: allow synapse to write to directories of unix socket paths
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/matrix/synapse.nix | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/matrix/synapse.nix b/nixos/modules/services/matrix/synapse.nix
index e3f9c7742cc7d..7291c0fcbcdda 100644
--- a/nixos/modules/services/matrix/synapse.nix
+++ b/nixos/modules/services/matrix/synapse.nix
@@ -1232,7 +1232,8 @@ in {
 ProtectKernelTunables = true;
 ProtectProc = "invisible";
 ProtectSystem = "strict";
- ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ];
+ ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ] ++
+ (map (listener: dirOf listener.path) (filter (listener: listener.path != null) cfg.settings.listeners));
 RemoveIPC = true;
 RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
 RestrictNamespaces = true;
|
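Review bot: The added `dirOf listener.path` entries in `ReadWritePaths` make the whole parent directory of each UNIX socket writable, not just the socket, so a listener path placed directly under a shared directory (a socket sitting directly in `/run`, for example) lifts `ProtectSystem = "strict"` for that entire directory. I would document on the listener `path` option that the socket must live in a directory dedicated to synapse, and add a comment above the new lines such as `# NOTE: grants write access to the socket's entire parent directory; keep sockets in a dedicated directory`. systemd also fails namespace setup when a `ReadWritePaths` entry does not exist unless the entry is prefixed with `-`, so it is worth confirming that the socket directory is created before the unit starts. The enclosing attribute set starts and ends outside the hunk, so whether a `RuntimeDirectory` or tmpfiles rule already covers this cannot be seen from here.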