public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/netdata: update capabilities

This commit is contained in:
Izorkin 2021-05-04 23:13:51 +03:00
parent 360ed28868
commit 53651179b9
No known key found for this signature in database
GPG Key ID: 1436C1B3F3679F09
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/services/monitoring/netdata.nix
View File

@ -183,6 +183,9 @@ in {
ConfigurationDirectory = "netdata"; ConfigurationDirectory = "netdata";
ConfigurationDirectoryMode = "0755"; ConfigurationDirectoryMode = "0755";
# Capabilities # Capabilities
AmbientCapabilities = [
"CAP_SETUID" # is required for cgroups and cgroups-network plugins
];
CapabilityBoundingSet = [ CapabilityBoundingSet = [
"CAP_DAC_OVERRIDE" # is required for freeipmi and slabinfo plugins "CAP_DAC_OVERRIDE" # is required for freeipmi and slabinfo plugins
"CAP_DAC_READ_SEARCH" # is required for apps plugin "CAP_DAC_READ_SEARCH" # is required for apps plugin
@ -192,6 +195,8 @@ in {
"CAP_SYS_PTRACE" # is required for apps plugin "CAP_SYS_PTRACE" # is required for apps plugin
"CAP_SYS_RESOURCE" # is required for ebpf plugin "CAP_SYS_RESOURCE" # is required for ebpf plugin
"CAP_NET_RAW" # is required for fping app "CAP_NET_RAW" # is required for fping app
"CAP_SYS_CHROOT" # is required for cgroups plugin
"CAP_SETUID" # is required for cgroups and cgroups-network plugins
]; ];
# Sandboxing # Sandboxing
ProtectSystem = "full"; ProtectSystem = "full";