modules/sharkey: Add required `@chown` syscall group to allow list

The `~@priviledged` needed to go, as `@chown` is part of this group.
author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-04-25 22:21:10 +0200
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-04-25 22:21:10 +0200
commit: d029ca2d552a38961d6f4b9e642062cb05403866 (patch)
tree: 259c211d1bd9a1321d5bc4a3ab2155bb7b5013ae /modules/by-name
parent: tests/sharkey-image: Rename to `sharkey-cpu` (diff)
download: nixos-server-d029ca2d552a38961d6f4b9e642062cb05403866.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/by-name/sh/sharkey/module.nix b/modules/by-name/sh/sharkey/module.nix
index 29bae51..2b50cf0 100644
--- a/modules/by-name/sh/sharkey/module.nix
+++ b/modules/by-name/sh/sharkey/module.nix
@@ -267,7 +267,7 @@ in {
         SystemCallArchitectures = "native";
         SystemCallFilter = [
           "@system-service"
-          "~@privileged"
+          "@chown"
           "~@mount"
         ];
         UMask = "0077";
author	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-04-25 22:21:10 +0200
committer	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-04-25 22:21:10 +0200
commit	d029ca2d552a38961d6f4b9e642062cb05403866 (patch)
tree	259c211d1bd9a1321d5bc4a3ab2155bb7b5013ae /modules/by-name
parent	tests/sharkey-image: Rename to `sharkey-cpu` (diff)
download	nixos-server-d029ca2d552a38961d6f4b9e642062cb05403866.zip