From 8e1e78a735dec4533343d2bb1216ce3cc2777349 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Tue, 13 Apr 2021 02:41:54 +0200
Subject: [PATCH] nixos/babeld: allow AF_INET communication required for
 netlink socket

This broke after seccomp was updated from 2.5.0 to 2.5.1 in 22148780.
---
 nixos/modules/services/networking/babeld.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/babeld.nix b/nixos/modules/services/networking/babeld.nix
index 272c58ecd7f..e16e56121c4 100644
--- a/nixos/modules/services/networking/babeld.nix
+++ b/nixos/modules/services/networking/babeld.nix
@@ -102,7 +102,7 @@ in
         ProtectKernelModules = true;
         ProtectKernelLogs = true;
         ProtectControlGroups = true;
-        RestrictAddressFamilies = [ "AF_NETLINK" "AF_INET6" ];
+        RestrictAddressFamilies = [ "AF_NETLINK" "AF_INET6" "AF_INET" ];
         RestrictNamespaces = true;
         RestrictRealtime = true;
         RestrictSUIDSGID = true;