Unverified Commit 4066e495 authored by Martin Weinelt's avatar Martin Weinelt
Browse files

nixos/frigate: reduce visible process scope to cgroup 

Frigate exposes process metrics using the psutil library and previously
saw all system processes. Reducing the scope to the unit cgroup mimics
the effects upstream gets via its OCI container usage.
parent ae72b9bf

nixos/modules/services/video/frigate.nix

+3 −0
Original line number Diff line number Diff line
@@ -759,6 +759,9 @@ in 


        # Sockets/IPC

        RuntimeDirectory = "frigate";



        # Reduce visible process scope to cgroup

        ProtectProc = "invisible";

      };

    };

  };