nixos/opendkim: Fix CapabilityBoundingSet option

An empty list results in no CapabilityBoundingSet at all, an empty string however will set `CapabilityBoundingSet=`, which represents a closed set. Related: #120617
2021-04-25 20:24:07 +02:00
parent 6af7bcbd93
commit 3a9609613d
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/mail/opendkim.nix
+++ b/nixos/modules/services/mail/opendkim.nix
@@ -134,7 +134,7 @@ in {
        ReadWritePaths = [ cfg.keyPath ];

        AmbientCapabilities = [];
-        CapabilityBoundingSet = [];
+        CapabilityBoundingSet = "";
        DevicePolicy = "closed";
        LockPersonality = true;
        MemoryDenyWriteExecute = true;