phpfpm service: allow netlink sockets for sendmail

Fixes #26611.
2024-11-28 01:43:15 +00:00 · 2017-08-29 00:41:31 +02:00 · 2017-08-29 00:41:31 +02:00 · 8e622d2689
commit 8e622d2689
parent 8d6682ca0b
1 changed files with 2 additions and 1 deletions
--- a/nixos/modules/services/web-servers/phpfpm/default.nix
+++ b/nixos/modules/services/web-servers/phpfpm/default.nix
@ -150,7 +150,8 @@ in {
          PrivateDevices = true;
          ProtectSystem = "full";
          ProtectHome = true;
-          RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
+          # XXX: We need AF_NETLINK to make the sendmail SUID binary from postfix work
+          RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
          Type = "notify";
          ExecStart = "${cfg.phpPackage}/bin/php-fpm -y ${cfgFile} -c ${phpIni}";
          ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";