Merge pull request #182342 from veehaitch/github-runner-capset

nixos/github-runner: fix capset syscall filtering
Winter 2022-07-21 11:26:34 -04:00 committed by GitHub
commit 2922becf6d
GPG Key ID: 4AEE18F83AFDEB23


@ -300,7 +300,6 @@ in
UMask = "0066";
ProtectProc = "invisible";
SystemCallFilter = [
"~@capset"
"~@clock"
"~@cpu-emulation"
"~@module"
@ -308,6 +307,7 @@ in
"~@obsolete"
"~@raw-io"
"~@reboot"
"~capset"
"~setdomainname"
"~sethostname"
];
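Review bot: The new `"~capset"` entry would benefit from a short comment explaining why it is a bare syscall name while the entries above it are `@`-prefixed groups. Without one, a later cleanup could "normalise" it back to the group form. As far as I know systemd defines no `@capset` set, so the old entry presumably never blocked anything, and listing the known sets with `systemd-analyze syscall-filter` should confirm this. I would add `# capset is a single syscall, not a systemd syscall set; "~@capset" does not match anything` directly above the entry. The same comment would cover `"~setdomainname"` and `"~sethostname"`, which follow the same pattern. The `SystemCallFilter` list opens inside the first hunk, but the surrounding `serviceConfig` block starts and ends outside what is shown.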