nixos/logrotate: reorder setuid syscall group

Relevant parts of @setuid are in @privileged, so we need to flip the order around, to grant @setuid in spite of denying @privileged.
2025-02-23 04:25:14 +00:00 · 2024-09-30 13:24:08 +02:00 · 2024-09-30 13:24:08 +02:00 · 2dabc4fce1
commit 2dabc4fce1
parent 7c8fc691cf
1 changed files with 2 additions and 2 deletions
--- a/nixos/modules/services/logging/logrotate.nix
+++ b/nixos/modules/services/logging/logrotate.nix
@ -285,9 +285,9 @@ in
        RestrictSUIDSGID = false; # can create sgid directories
        SystemCallArchitectures = "native";
        SystemCallFilter = [
-          "@system-service @setuid"
+          "@system-service"
          "~@privileged @resources"
-          "@chown"
+          "@chown @setuid"
        ];
        UMask = "0027";
      } // lib.optionalAttrs (!cfg.allowNetworking) {