nixos/nginx: don't disable IPC

This also disables the memfd_create syscall which is required for certain regex's when using pcre2. see https://github.com/NixOS/nixpkgs/pull/355989#issuecomment-2506841275
2024-11-29 00:40:33 +01:00
parent bfe7bb410f
commit 996f9e4f28
2 changed files with 1 additions and 3 deletions
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -1305,8 +1305,7 @@ in
        # System Call Filtering
        SystemCallArchitectures = "native";
        SystemCallFilter = [ "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @setuid" ]
-          ++ optional cfg.enableQuicBPF [ "bpf" ]
-          ++ optionals ((cfg.package != pkgs.tengine) && (cfg.package != pkgs.openresty) && (!lib.any (mod: (mod.disableIPC or false)) cfg.package.modules)) [ "~@ipc" ];
+          ++ optional cfg.enableQuicBPF [ "bpf" ];
      };
    };