[Backport release-24.11] nixos-containers: fix enableTun option (#358484)

2024-11-29 02:13:23 +00:00 · 2024-11-23 17:24:00 +01:00 · 2024-11-23 17:24:00 +01:00 · b3e5402d7e
commit b3e5402d7e
parent 47754142d4 0f2160901b
1 changed files with 2 additions and 2 deletions
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@ -705,7 +705,7 @@ in
            allowedDevices = mkOption {
              type = with types; listOf (submodule allowedDeviceOpts);
              default = [];
-              example = [ { node = "/dev/net/tun"; modifier = "rw"; } ];
+              example = [ { node = "/dev/net/tun"; modifier = "rwm"; } ];
              description = ''
                A list of device nodes to which the containers has access to.
              '';
@ -835,7 +835,7 @@ in
            optionalAttrs cfg.enableTun
              {
                allowedDevices = cfg.allowedDevices
-                  ++ [ { node = "/dev/net/tun"; modifier = "rw"; } ];
+                  ++ [ { node = "/dev/net/tun"; modifier = "rwm"; } ];
                additionalCapabilities = cfg.additionalCapabilities
                  ++ [ "CAP_NET_ADMIN" ];
              }