[Backport release-24.11] nixos/zigbee2mqtt: only add port to DeviceAllow if it is a device (#356582)

2024-11-21 22:43:01 +00:00 · 2024-11-17 09:19:11 -05:00 · 2024-11-17 09:19:11 -05:00 · 9156f19e52
commit 9156f19e52
parent 62de5ad9f0 059acfca2d
1 changed files with 1 additions and 3 deletions
--- a/nixos/modules/services/home-automation/zigbee2mqtt.nix
+++ b/nixos/modules/services/home-automation/zigbee2mqtt.nix
@ -76,9 +76,7 @@ in

        # Hardening
        CapabilityBoundingSet = "";
-        DeviceAllow = [
-          config.services.zigbee2mqtt.settings.serial.port
-        ];
+        DeviceAllow = lib.optionals (lib.hasPrefix "/" cfg.settings.serial.port) [ cfg.settings.serial.port ];
        DevicePolicy = "closed";
        LockPersonality = true;
        MemoryDenyWriteExecute = false;