nixos/matrix-appservice-irc: fix syscall filter

The pre-start script requires @chown; the service fails without it. (cherry picked from commit dffba14043168d767a12ff86c39464b8503d3d29)
author: Benjamin Saunders <ben.e.saunders@gmail.com> 2023-12-02 12:03:58 -0800
committer: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2023-12-02 20:33:06 +0000
commit: ef477d56771c5cde0a7437551671b1f5d5f418f3 (patch)
tree: f1fcab75d2c925b083c76dd46739f37437e82311 /nixos/modules
parent: 933d7dc155096e7575d207be6fb7792bc9f34f6d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/matrix/appservice-irc.nix b/nixos/modules/services/matrix/appservice-irc.nix
index d153ffc2ace87..c79cd799b4d0e 100644
--- a/nixos/modules/services/matrix/appservice-irc.nix
+++ b/nixos/modules/services/matrix/appservice-irc.nix
@@ -214,7 +214,7 @@ in {
         RestrictRealtime = true;
         PrivateMounts = true;
         SystemCallFilter = [
-          "@system-service @pkey"
+          "@system-service @pkey @chown"
           "~@privileged @resources"
         ];
         SystemCallArchitectures = "native";
author	Benjamin Saunders <ben.e.saunders@gmail.com>	2023-12-02 12:03:58 -0800
committer	github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2023-12-02 20:33:06 +0000
commit	ef477d56771c5cde0a7437551671b1f5d5f418f3 (patch)
tree	f1fcab75d2c925b083c76dd46739f37437e82311 /nixos/modules
parent	933d7dc155096e7575d207be6fb7792bc9f34f6d (diff)