Add mincore to allowed system calls for renderd

diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb
index a7073575cfef8e27d55b536d2073124658963c85..7ff279642e997c4d22d2431964ff8dd7298cc0cd 100644 (file)
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -116,7 +116,7 @@ systemd_service "renderd" do
   sandbox true
   restrict_address_families "AF_UNIX"
   read_write_paths tile_directories
-  system_call_filter ["@known"]
+  system_call_filter ["@system-service", "mincore"]
   restart "on-failure"
 end