nix: expose syscall filter policy

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-23 17:24:42 +09:00
parent 134247b57d
commit 8a00a83c71
2 changed files with 13 additions and 6 deletions
--- a/nixos.nix
+++ b/nixos.nix
@@ -117,6 +117,9 @@ in
                          dev
                          env
                          ;
+                        syscall = {
+                          inherit (app) devel multiarch bluetooth;
+                        };
                        map_real_uid = app.mapRealUid;
                        no_new_session = app.tty;
                        filesystem =