From 19b481fbc634ffb81b449de4f38751ab9a031a3c Mon Sep 17 00:00:00 2001
From: MidAutumnMoon <me@418.im>
Date: Mon, 24 Oct 2022 20:19:12 +0800
Subject: [PATCH] nixos/galene: set proper SystemCallFilter

---
 nixos/modules/services/web-apps/galene.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/web-apps/galene.nix b/nixos/modules/services/web-apps/galene.nix
index ded104792bc0..15ef09aa0b87 100644
--- a/nixos/modules/services/web-apps/galene.nix
+++ b/nixos/modules/services/web-apps/galene.nix
@@ -191,7 +191,7 @@ in
           RestrictRealtime = true;
           RestrictSUIDSGID = true;
           SystemCallArchitectures = "native";
-          SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+          SystemCallFilter = [ "@system-service" "~@privileged" ];
           UMask = "0077";
         }
       ];