clightning: re-enable seccomp filtering
This commit is contained in:
parent
16f5aa0561
commit
1a8e7d6348
@ -148,14 +148,6 @@ in {
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
ReadWritePaths = cfg.dataDir;
|
||||
|
||||
# TODO-EXTERNAL:
|
||||
# The seccomp version used by systemd in NixOS 21.05 doesn't support
|
||||
# handling syscall 436 (close_range), which has only recently been added:
|
||||
# https://github.com/seccomp/libseccomp/commit/ac849e7960547d418009a783da654d5917dbfe2d
|
||||
#
|
||||
# Disable seccomp filtering because clightning depends on this syscall.
|
||||
SystemCallFilter = [];
|
||||
} // nbLib.allowedIPAddresses cfg.tor.enforce;
|
||||
# Wait until the rpc socket appears
|
||||
postStart = ''
|
||||
|
Loading…
Reference in New Issue
Block a user