services.uwsgi.capabilities
Grant capabilities to the uWSGI instance. See the capabilities(7) for available values.
uWSGI runs as an unprivileged user (even as Emperor) with the minimal capabilities required. This option can be used to add fine-grained permissions without running the service as root.
When in Emperor mode, any capability to be inherited by a vassal must
be specified again in the vassal configuration using cap.
See the uWSGI docs
for more information.
- Type
list of string- Default
[ ]- Example
[ "CAP_NET_BIND_SERVICE" # bind on ports <1024 "CAP_NET_RAW" # open raw sockets ]- Declared
- <nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>