diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/mail/listmonk.nix | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/nixos/modules/services/mail/listmonk.nix b/nixos/modules/services/mail/listmonk.nix index be2f9680ca5ac..945eb436c1f23 100644 --- a/nixos/modules/services/mail/listmonk.nix +++ b/nixos/modules/services/mail/listmonk.nix @@ -201,13 +201,12 @@ in { DynamicUser = true; NoNewPrivileges = true; CapabilityBoundingSet = ""; - SystemCallArchitecture = "native"; + SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged" ]; - ProtectDevices = true; + PrivateDevices = true; ProtectControlGroups = true; ProtectKernelTunables = true; ProtectHome = true; - DeviceAllow = false; RestrictNamespaces = true; RestrictRealtime = true; UMask = "0027"; |