Unverified Commit bff068e5 authored by Meghea Iulian's avatar Meghea Iulian
Browse files

esphome: remove ProcSubset from serviceConfig 

Remove ProcSubset from esphome serviceConfig because esphome/bwrap needs to
access it.
According to
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProcSubset=
ProcSubset isn't even recommended for most programs.
Fixes #262674
parent 6b4e4578

nixos/modules/services/home-automation/esphome.nix

+1 −1
Original line number Diff line number Diff line
@@ -112,7 +112,7 @@ in 
        ProtectKernelModules = true;

        ProtectKernelTunables = true;

        ProtectProc = "invisible";

        ProcSubset = "pid";

        ProcSubset = "all"; # Using "pid" breaks bwrap

        ProtectSystem = "strict";

        #RemoveIPC = true; # Implied by DynamicUser

        RestrictAddressFamilies = [