From 161baa7e68dac7ce5129d30de9ecd9fc85c3219b Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Thu, 5 Aug 2021 00:49:05 +0200
Subject: [PATCH] joinmarket-ob-watcher: allow required 'mbind' system call

---
 modules/joinmarket-ob-watcher.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/joinmarket-ob-watcher.nix b/modules/joinmarket-ob-watcher.nix
index f8b6760..82499ef 100644
--- a/modules/joinmarket-ob-watcher.nix
+++ b/modules/joinmarket-ob-watcher.nix
@@ -80,6 +80,7 @@ in {
           ${nbPkgs.joinmarket}/bin/ob-watcher --datadir=${cfg.dataDir} \
             --host=${cfg.address} --port=${toString cfg.port}
         '';
+        SystemCallFilter = nbLib.defaultHardening.SystemCallFilter ++ [ "mbind" ] ;
         Restart = "on-failure";
         RestartSec = "10s";
       } // nbLib.allowTor;