nixpkgs/nixos/modules/services
Ben Wolsieffer b92dae961c nixos/chrony: allow @chown syscall set
The module was allowing specific chown syscalls, which is brittle because
there are several and different ones are used by glibc on different
architectures. For example, fchownat was already added to the allowlist for
aarch64, while on armv6l chrony crashes because chown32 is not in the
allowlist.

systemd provides the @chown syscall set, which includes all the chown
syscalls and avoids this brittleness. I believe the syscalls would all be
equivalent from an attacker's perspective, so there is unlikely to be any
security impact.
2023-03-12 18:10:56 -05:00
..
admin
amqp
audio
backup Merge pull request #191974 from tu-maurice/btrbk-doas 2023-03-11 16:10:50 +01:00
blockchain/ethereum
cluster nixos/k3s: add environmentFile as an option 2023-02-27 08:15:25 -03:00
computing
continuous-integration Merge pull request #216451 from Mindavi/hydra/systemd-target 2023-03-09 20:53:21 +01:00
databases
desktops
development nixos/gemstash: init module 2023-03-07 15:56:56 +11:00
display-managers
editors
finance
games
hardware nixos/fwupd: add settings option for uefi_capsule.conf 2023-03-10 15:25:41 -05:00
home-automation
logging
mail Merge pull request #214346 from SFrijters/postfix-ipv4 2023-02-27 18:24:53 +00:00
matrix Merge pull request #178447 from Francesco149/dendrite-prestart 2023-03-03 18:45:09 +01:00
misc nixos/jellyseerr: init 2023-03-10 16:18:00 +01:00
monitoring Merge pull request #205060 from jslight90/patch-8 2023-03-10 11:19:31 +01:00
network-filesystems
networking nixos/chrony: allow @chown syscall set 2023-03-12 18:10:56 -05:00
printing
scheduling
search nixos/opensearch: fix opensearch startup 2023-02-27 16:07:12 +00:00
security
system
torrent
tracing
ttys
video
wayland
web-apps Merge pull request #197613 from shyim/add-coder 2023-03-09 12:04:16 +04:00
web-servers nixos/nginx: add defaultMimeTypes option 2023-03-07 19:37:18 +03:00
x11 nixos/plasma5: add ark as an optional package instead 2023-03-11 21:29:24 +08:00