Merge pull request #307264 from pks-t/pks-matrix-appservice-irc-fix-chown-registration-yml

nixos/matrix-appservice-irc: fix chown of registration.yml in pre-script
author: Martin Weinelt <mweinelt@users.noreply.github.com> 2024-04-27 21:12:38 +0200
committer: GitHub <noreply@github.com> 2024-04-27 21:12:38 +0200
commit: 2b1f64b358f2cab62617f26b3870fd0ee375d848 (patch)
tree: 5a1d45cc149aac15d68bdf00b4f4768424ffaa78 /nixos/modules
parent: 0e5f13c96769c00aa7c9859140c656297a8de4aa (diff)
parent: ff3358b3f5802d1b1ec61e79657f9220b0d75da5 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/services/matrix/appservice-irc.nix b/nixos/modules/services/matrix/appservice-irc.nix
index 90790169142aa..f4539a90f2e60 100644
--- a/nixos/modules/services/matrix/appservice-irc.nix
+++ b/nixos/modules/services/matrix/appservice-irc.nix
@@ -214,8 +214,9 @@ in {
         RestrictRealtime = true;
         PrivateMounts = true;
         SystemCallFilter = [
-          "@system-service @pkey @chown"
+          "@system-service @pkey"
           "~@privileged @resources"
+          "@chown"
         ];
         SystemCallArchitectures = "native";
         # AF_UNIX is required to connect to a postgres socket.
author	Martin Weinelt <mweinelt@users.noreply.github.com>	2024-04-27 21:12:38 +0200
committer	GitHub <noreply@github.com>	2024-04-27 21:12:38 +0200
commit	2b1f64b358f2cab62617f26b3870fd0ee375d848 (patch)
tree	5a1d45cc149aac15d68bdf00b4f4768424ffaa78 /nixos/modules
parent	0e5f13c96769c00aa7c9859140c656297a8de4aa (diff)
parent	ff3358b3f5802d1b1ec61e79657f9220b0d75da5 (diff)