diff options
| author | Patrick Steinhardt <ps@pks.im> | 2024-04-27 15:19:28 +0200 |
|---|---|---|
| committer | Patrick Steinhardt <ps@pks.im> | 2024-04-27 19:04:08 +0200 |
| commit | ff3358b3f5802d1b1ec61e79657f9220b0d75da5 (patch) | |
| tree | cd6daf1131b24542bb5a43f0c4297f43dcebc2b1 /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch | |
| parent | 60cb88cc491e819c16fc579fd697d33defd2a8e3 (diff) | |
nixos/matrix-appservice-irc: fix chown of registration.yml in pre-script
Before the startup, the matrix-appservice-irc service sets up the
registration file such that it can be used by matrix-synapse. Part of
that setup requires us to change the group of said file so that the home
server can read it. Consequently, we need CAP_CHOWN and require that the
@chown system calls are allowed.
While we supposedly set up both of these, the setup of system calls is
broken as we have both an allow and a deny list of syscalls. But while
the allow list contains "@chown", the deny list contains "@privileged"
which contains "@chown" itself. So ultimately, we end up denying
"@chown".
Fix this issue by specifying "@chown" after the deny list.
Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')
0 files changed, 0 insertions, 0 deletions