about summary refs log tree commit diff
path: root/nixos/modules/services/misc/geoipupdate.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/misc/geoipupdate.nix')
-rw-r--r--nixos/modules/services/misc/geoipupdate.nix4
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix
index fafe4e3f24197..27c1157e9a8c7 100644
--- a/nixos/modules/services/misc/geoipupdate.nix
+++ b/nixos/modules/services/misc/geoipupdate.nix
@@ -183,7 +183,7 @@ in
         DynamicUser = true;
         ReadWritePaths = cfg.settings.DatabaseDirectory;
         RuntimeDirectory = "geoipupdate";
-        RuntimeDirectoryMode = 0700;
+        RuntimeDirectoryMode = "0700";
         CapabilityBoundingSet = "";
         PrivateDevices = true;
         PrivateMounts = true;
@@ -197,7 +197,7 @@ in
         ProtectKernelTunables = true;
         ProtectProc = "invisible";
         ProcSubset = "pid";
-        SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+        SystemCallFilter = [ "@system-service" "~@privileged" ];
         RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
         RestrictRealtime = true;
         RestrictNamespaces = true;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-21 13:37:08 +0000