From d029ca2d552a38961d6f4b9e642062cb05403866 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz <benedikt.peetz@b-peetz.de>
Date: Fri, 25 Apr 2025 22:21:10 +0200
Subject: modules/sharkey: Add required `@chown` syscall group to allow list

The `~@priviledged` needed to go, as `@chown` is part of this group.
---
 modules/by-name/sh/sharkey/module.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/by-name/sh/sharkey/module.nix')

diff --git a/modules/by-name/sh/sharkey/module.nix b/modules/by-name/sh/sharkey/module.nix
index 29bae51..2b50cf0 100644
--- a/modules/by-name/sh/sharkey/module.nix
+++ b/modules/by-name/sh/sharkey/module.nix
@@ -267,7 +267,7 @@ in {
         SystemCallArchitectures = "native";
         SystemCallFilter = [
           "@system-service"
-          "~@privileged"
+          "@chown"
           "~@mount"
         ];
         UMask = "0077";
-- 
cgit 1.4.1