From ae1ba4dbe3c1395484f8f01f522630a333630332 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 29 Dec 2022 21:10:22 +0100
Subject: ...

---
 hosts/vidhar/prometheus/default.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'hosts/vidhar')

diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix
index c0d41743..6bfa0b49 100644
--- a/hosts/vidhar/prometheus/default.nix
+++ b/hosts/vidhar/prometheus/default.nix
@@ -401,6 +401,7 @@ in {
         ] ++ cfg.extraFlags)}";
         ReadWritePaths = ["/run/dbus/system_bus_socket"];
         BindReadOnlyPaths = ["/proc" "/sys"];
+        CapabilityBoundingSet = ["CAP_DAC_OVERRIDE"];
         AmbientCapabilities = ["CAP_DAC_OVERRIDE"];
       };
     };
-- 
cgit v1.2.3