nixos/matrix-appservice-irc: fix syscall filter

The pre-start script requires @chown; the service fails without it.
author: Benjamin Saunders <ben.e.saunders@gmail.com> 2023-12-02 12:03:58 -0800
committer: Benjamin Saunders <ben.e.saunders@gmail.com> 2023-12-02 12:03:58 -0800
commit: dffba14043168d767a12ff86c39464b8503d3d29 (patch)
tree: d3facff86676a066f79b49586e26de46465e67a4 /nixos/modules/services/matrix
parent: ab3ea20adfe05a2328b4991612912ef7db67af83 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/matrix/appservice-irc.nix b/nixos/modules/services/matrix/appservice-irc.nix
index d153ffc2ace8..c79cd799b4d0 100644
--- a/nixos/modules/services/matrix/appservice-irc.nix
+++ b/nixos/modules/services/matrix/appservice-irc.nix
@@ -214,7 +214,7 @@ in {
         RestrictRealtime = true;
         PrivateMounts = true;
         SystemCallFilter = [
-          "@system-service @pkey"
+          "@system-service @pkey @chown"
           "~@privileged @resources"
         ];
         SystemCallArchitectures = "native";
author	Benjamin Saunders <ben.e.saunders@gmail.com>	2023-12-02 12:03:58 -0800
committer	Benjamin Saunders <ben.e.saunders@gmail.com>	2023-12-02 12:03:58 -0800
commit	dffba14043168d767a12ff86c39464b8503d3d29 (patch)
tree	d3facff86676a066f79b49586e26de46465e67a4 /nixos/modules/services/matrix
parent	ab3ea20adfe05a2328b4991612912ef7db67af83 (diff)