jolheiser/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos/home-assistant: allow capset with components using ping command

Browse Source
This commit is contained in:
Martin Weinelt 2022-01-25 18:29:16 +01:00
parent a6e45b0893
commit d4061dcc6e
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/services/misc/home-assistant.nix
View File

@ -278,6 +278,11 @@ in {
"bluetooth_tracker" "bluetooth_tracker"
"bluetooth_le_tracker" "bluetooth_le_tracker"
]; ];
componentsUsingPing = [
# Components that require the capset syscall for the ping wrapper
"ping"
"wake_on_lan"
];
componentsUsingSerialDevices = [ componentsUsingSerialDevices = [
# Components that require access to serial devices (/dev/tty*) # Components that require access to serial devices (/dev/tty*)
# List generated from home-assistant documentation: # List generated from home-assistant documentation:
@ -382,6 +387,8 @@ in {
SystemCallFilter = [ SystemCallFilter = [
"@system-service" "@system-service"
"~@privileged" "~@privileged"
] ++ optionals (any useComponent componentsUsingPing) [
"capset"
]; ];
UMask = "0077"; UMask = "0077";
}; };