From 777928d9d46f64bd515577aac27a286317baa752 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sat, 22 Feb 2025 20:33:01 +0000
Subject: [PATCH] Add AF_NETLINK to allowed address families for oxidized

---
 cookbooks/oxidized/recipes/default.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cookbooks/oxidized/recipes/default.rb b/cookbooks/oxidized/recipes/default.rb
index 28f65bf79..1840c2af3 100644
--- a/cookbooks/oxidized/recipes/default.rb
+++ b/cookbooks/oxidized/recipes/default.rb
@@ -156,6 +156,7 @@ systemd_service "oxidized" do
               "OXIDIZED_LOGS" => "/var/log/oxidized"
   nice 10
   sandbox :enable_network => true
+  restrict_address_families "AF_NETLINK"
   read_write_paths ["/run/oxidized", "/var/lib/oxidized", "/var/log/oxidized"]
   restart "on-failure"
   notifies :restart, "service[oxidized]"
-- 
2.39.5