Diffstat (limited to 'modules/by-name/sh')
-rw-r--r--modules/by-name/sh/sharkey/module.nix5
1 files changed, 3 insertions, 2 deletions
diff --git a/modules/by-name/sh/sharkey/module.nix b/modules/by-name/sh/sharkey/module.nix
index a2f5445..2b50cf0 100644
--- a/modules/by-name/sh/sharkey/module.nix
+++ b/modules/by-name/sh/sharkey/module.nix
@@ -242,7 +242,8 @@ in {
         MemoryDenyWriteExecute = false;
         PrivateDevices = true;
         PrivateUsers = true;
-        ProcSubset = "pid";
+        # Sharkey needs access to the hosts CPUs
+        ProcSubset = "all";
         PrivateTmp = true;
         ProtectClock = true;
         ProtectControlGroups = true;
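Review bot: The new comment above `ProcSubset = "all"` does not name which /proc entry Sharkey needs, and `"all"` exposes every non-process file under /proc to the unit, not only CPU information. If the requirement is CPU enumeration (presumably /proc/cpuinfo or /proc/stat, which this hunk does not show), the comment could say so, e.g. `# Sharkey reads the host's CPU info from /proc (e.g. /proc/cpuinfo), which ProcSubset = "pid" hides`. It is also worth confirming that `ProtectProc` is set in this block, so other users' processes remain hidden now that the subset is widened. The serviceConfig block starts and ends outside the hunk.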
@@ -266,7 +267,7 @@ in {
         SystemCallArchitectures = "native";
         SystemCallFilter = [
           "@system-service"
-          "~@privileged"
+          "@chown"
           "~@mount"
         ];
         UMask = "0077";
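Review bot: Dropping `"~@privileged"` widens the syscall filter well beyond what a chown requirement needs. `@system-service` already contains `@chown`, so the added `"@chown"` entry changes nothing by itself; the real effect is that every other `@privileged` call inside `@system-service` (the `@setuid` group, `capset`) is allowed again. Because later entries are applied on top of earlier ones, keeping the deny entry and re-adding only the needed group after it, `"~@privileged"` followed by `"@chown"`, would preserve the narrower filter. A short comment saying which path Sharkey chowns would explain the exception. The attribute set continues outside the hunk.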