nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-27 09:23:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixos.photoprism: Relax sandbox to allow running exiftool

Browse Source 
exiftool is written in Perl which appears to call `chown` as part of startup. This is blocked by the `@privileged` system call group. This causes a failure when changing image orientation.

Fixes: https://github.com/NixOS/nixpkgs/issues/249120
This commit is contained in:
Kevin Cox 2023-08-15 07:58:42 -04:00
parent ea95c09176
commit 86c67a1f11
No known key found for this signature in database
GPG Key ID: 9BB92CC1552E99AA
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/web-apps/photoprism.nix
View File

@ -123,7 +123,7 @@ in
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @setuid @keyring" ];
SystemCallFilter = [ "@system-service" "~@setuid @keyring" ];
UMask = "0066";
} // lib.optionalAttrs (cfg.port < 1024) {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];