Unverified Commit 2dabc4fc authored by Martin Weinelt's avatar Martin Weinelt
Browse files

nixos/logrotate: reorder setuid syscall group 

Relevant parts of @setuid are in @privileged, so we need to flip the
order around, to grant @setuid in spite of denying @privileged.
parent 7c8fc691

nixos/modules/services/logging/logrotate.nix

+2 −2
Original line number Diff line number Diff line
@@ -285,9 +285,9 @@ in 
        RestrictSUIDSGID = false; # can create sgid directories

        SystemCallArchitectures = "native";

        SystemCallFilter = [

          "@system-service @setuid"

          "@system-service"

          "~@privileged @resources"

          "@chown"

          "@chown @setuid"

        ];

        UMask = "0027";

      } // lib.optionalAttrs (!cfg.allowNetworking) {