esphome: remove ProcSubset from serviceConfig

Remove ProcSubset from esphome serviceConfig because esphome/bwrap needs to access it. According to https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProcSubset= ProcSubset isn't even recommended for most programs. Fixes #262674
2024-09-21 04:49:01 +02:00 · 2023-10-22 09:13:56 +03:00 · 2023-10-22 09:13:56 +03:00 · bff068e514
parent 6b4e45787b
commit bff068e514
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/services/home-automation/esphome.nix
+++ b/nixos/modules/services/home-automation/esphome.nix
@ -112,7 +112,7 @@ in
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
-        ProcSubset = "pid";
+        ProcSubset = "all"; # Using "pid" breaks bwrap
        ProtectSystem = "strict";
        #RemoveIPC = true; # Implied by DynamicUser
        RestrictAddressFamilies = [