From d4220f9bc9baa92ed91c50685acf4bccc7216ec5 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Wed, 20 Dec 2023 20:15:30 +0000
Subject: [PATCH] Add mincore to allowed system calls for renderd

---
 cookbooks/tile/recipes/default.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb
index a7073575c..7ff279642 100644
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -116,7 +116,7 @@ systemd_service "renderd" do
   sandbox true
   restrict_address_families "AF_UNIX"
   read_write_paths tile_directories
-  system_call_filter ["@known"]
+  system_call_filter ["@system-service", "mincore"]
   restart "on-failure"
 end
 
-- 
2.39.5