nixos/nginx: fix SystemCallFilter after 1fc113f0df

2021-11-16 17:30:57 +01:00 · 2021-11-16 17:30:57 +01:00 · c408cd921f
parent 1fc113f0df
commit c408cd921f
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@ -896,7 +896,7 @@ in
        PrivateMounts = true;
        # System Call Filtering
        SystemCallArchitectures = "native";
-        SystemCallFilter = "~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid";
+        SystemCallFilter = "~@cpu-emulation @debug @keyring @ipc @mount @obsolete @privileged @setuid @mincore";
      };
    };