From 5195593f55f65c7e9e037bb59a712b5373ce4f02 Mon Sep 17 00:00:00 2001
From: strawberry <strawberry@puppygock.gay>
Date: Thu, 25 Apr 2024 20:13:48 -0400
Subject: [PATCH] add `@resources` to syscall filter in the default systemd
 unit

Signed-off-by: strawberry <strawberry@puppygock.gay>
---
 debian/conduwuit.service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/conduwuit.service b/debian/conduwuit.service
index 07f7696b..a9cb09b7 100644
--- a/debian/conduwuit.service
+++ b/debian/conduwuit.service
@@ -36,8 +36,8 @@ RestrictNamespaces=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
 SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @resources @privileged @keyring @ipc
+SystemCallFilter=@system-service @resources
+SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
 SystemCallErrorNumber=EPERM
 StateDirectory=matrix-conduit