clightning: re-enable seccomp filtering
This commit is contained in:
parent
16f5aa0561
commit
1a8e7d6348
@ -148,14 +148,6 @@ in {
|
|||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
RestartSec = "10s";
|
RestartSec = "10s";
|
||||||
ReadWritePaths = cfg.dataDir;
|
ReadWritePaths = cfg.dataDir;
|
||||||
|
|
||||||
# TODO-EXTERNAL:
|
|
||||||
# The seccomp version used by systemd in NixOS 21.05 doesn't support
|
|
||||||
# handling syscall 436 (close_range), which has only recently been added:
|
|
||||||
# https://github.com/seccomp/libseccomp/commit/ac849e7960547d418009a783da654d5917dbfe2d
|
|
||||||
#
|
|
||||||
# Disable seccomp filtering because clightning depends on this syscall.
|
|
||||||
SystemCallFilter = [];
|
|
||||||
} // nbLib.allowedIPAddresses cfg.tor.enforce;
|
} // nbLib.allowedIPAddresses cfg.tor.enforce;
|
||||||
# Wait until the rpc socket appears
|
# Wait until the rpc socket appears
|
||||||
postStart = ''
|
postStart = ''
|
||||||
|
Loading…
Reference in New Issue
Block a user