From: Tom Hughes <tom@compton.nu>
Date: Wed, 20 Dec 2023 20:15:30 +0000 (+0000)
Subject: Add mincore to allowed system calls for renderd
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/d4220f9bc9baa92ed91c50685acf4bccc7216ec5

Add mincore to allowed system calls for renderd
---

diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb
index a7073575c..7ff279642 100644
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -116,7 +116,7 @@ systemd_service "renderd" do
   sandbox true
   restrict_address_families "AF_UNIX"
   read_write_paths tile_directories
-  system_call_filter ["@known"]
+  system_call_filter ["@system-service", "mincore"]
   restart "on-failure"
 end