greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

clightning: work around unsupported seccomp syscall

Browse Source
This commit is contained in:
Erik Arvstedt 2021-11-10 21:25:12 +01:00
parent 38a843d005
commit 4a74b7de08
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/clightning.nix
View File

@ -137,6 +137,14 @@ in {
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "10s"; RestartSec = "10s";
ReadWritePaths = cfg.dataDir; ReadWritePaths = cfg.dataDir;
# TODO-EXTERNAL:
# The seccomp version used by systemd in NixOS 21.05 doesn't support
# handling syscall 436 (close_range), which has only recently been added:
# https://github.com/seccomp/libseccomp/commit/ac849e7960547d418009a783da654d5917dbfe2d
#
# Disable seccomp filtering because clightning depends on this syscall.
SystemCallFilter = [];
} // nbLib.allowedIPAddresses cfg.enforceTor; } // nbLib.allowedIPAddresses cfg.enforceTor;
# Wait until the rpc socket appears # Wait until the rpc socket appears
postStart = '' postStart = ''