Unverified Commit 0d17fd95 authored by Maximilian Bosch's avatar Maximilian Bosch Committed by GitHub
Browse files

Merge pull request #292473 from networkException/fix-synapse-unix-socket-permissions 

nixos/matrix-synapse: allow synapse to write to directories of unix socket paths
parents 164cc796 10fc05bf

nixos/modules/services/matrix/synapse.nix

+2 −1
Original line number Diff line number Diff line
@@ -1232,7 +1232,8 @@ in { 
            ProtectKernelTunables = true;

            ProtectProc = "invisible";

            ProtectSystem = "strict";

            ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ];

            ReadWritePaths = [ cfg.dataDir cfg.settings.media_store_path ] ++

              (map (listener: dirOf listener.path) (filter (listener: listener.path != null) cfg.settings.listeners));

            RemoveIPC = true;

            RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];

            RestrictNamespaces = true;