Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
nixos/gitea: Fix startup #74852
Motivation for this change
Fixes #74849 hopefully.
I'm tempted to revert to a much more lenient sandbox than what this gives us, but I'd like to discuss how we can test that these are sufficient permissions @dasJ
This is just what I needed to remove to restore enough functionality to make very basic testing succeed in a real setup with postgres as the database. It's hard to tell whether more things are broken.
As in I don't know whether something is subtly broken or just changed without documentation still, but I have not found anything yet. The test passed simply by fixing up the systemd unit, but the rest of the changes I made after noticing that my real setup was still broken, eg. with nginx being unable to talk to the socket. :)
If you have a better method to verify things, I'm all ears.
Yes, the change of SystemCallFilter which is included here does fix the problem most people will have.
But this PR would definitely improve the situation and fix it for most people.