From 8d535fe914591eb7cdb616da0b2b77af3aac0bb1 Mon Sep 17 00:00:00 2001
From: Harsh Shandilya
Date: Thu, 9 Jan 2020 18:10:59 +0530
Subject: [PATCH] systemd/mirror-bot{-2}: Allow AF_NETLINK access

Allows the Node process to communicate with the aria2 daemon

Signed-off-by: Harsh Shandilya
---
 systemd_units/mirror-bot-2.service | 2 +-
 systemd_units/mirror-bot.service | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/systemd_units/mirror-bot-2.service b/systemd_units/mirror-bot-2.service
index efaf063..269bac6 100644
--- a/systemd_units/mirror-bot-2.service
+++ b/systemd_units/mirror-bot-2.service
@@ -22,7 +22,7 @@ ProtectControlGroups=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 PrivateDevices=true
-RestrictAddressFamilies=AF_INET AF_INET6
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
 RestrictNamespaces=true
 RestrictRealtime=true
 SystemCallArchitectures=native
diff --git a/systemd_units/mirror-bot.service b/systemd_units/mirror-bot.service
index 79c4b4a..d016db0 100644
--- a/systemd_units/mirror-bot.service
+++ b/systemd_units/mirror-bot.service
@@ -22,7 +22,7 @@ ProtectControlGroups=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 PrivateDevices=true
-RestrictAddressFamilies=AF_INET AF_INET6
+RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK
 RestrictNamespaces=true
 RestrictRealtime=true
 SystemCallArchitectures=native
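Review bot: The widened `RestrictAddressFamilies=` line in both units (mirror-bot-2.service and mirror-bot.service) carries no comment saying why AF_NETLINK is needed, and the reason given in the commit message looks imprecise. Netlink is a kernel-to-userspace interface, so the aria2 RPC connection itself would go over AF_INET/AF_INET6. The family is more likely needed for the address or interface lookups (getaddrinfo/getifaddrs) done while connecting. Once that is confirmed, I would add above the line in each file `# AF_NETLINK: needed for interface/address enumeration during name resolution; the aria2 RPC itself uses AF_INET`. Because netlink sockets also reach routing, audit and other kernel subsystems, check that the part of each unit outside this hunk drops privileges, e.g. `NoNewPrivileges=true` and an empty `CapabilityBoundingSet=`, so the extra family stays read-only in practice.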