ff3358b3f5
Before the startup, the matrix-appservice-irc service sets up the registration file such that it can be used by matrix-synapse. Part of that setup requires us to change the group of said file so that the home server can read it. Consequently, we need CAP_CHOWN and require that the @chown system calls are allowed. While we supposedly set up both of these, the setup of system calls is broken as we have both an allow and a deny list of syscalls. But while the allow list contains "@chown", the deny list contains "@privileged" which contains "@chown" itself. So ultimately, we end up denying "@chown". Fix this issue by specifying "@chown" after the deny list.
8.1 KiB
8.1 KiB