From a71576b07b59a86a27555ab8a3dff901b10d8b6c Mon Sep 17 00:00:00 2001
From: Izorkin <izorkin@elven.pw>
Date: Wed, 12 May 2021 11:41:11 +0300
Subject: [PATCH] nixos/mastodon/streaming: add '@memlock' SystemCallFilter

---
 nixos/modules/services/web-apps/mastodon.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/services/web-apps/mastodon.nix b/nixos/modules/services/web-apps/mastodon.nix
index 0c6ef1348afd..7910f3980487 100644
--- a/nixos/modules/services/web-apps/mastodon.nix
+++ b/nixos/modules/services/web-apps/mastodon.nix
@@ -521,7 +521,7 @@ in {
         RuntimeDirectory = "mastodon-streaming";
         RuntimeDirectoryMode = "0750";
         # System Call Filtering
-        SystemCallFilter = [ ("~" + lib.concatStringsSep " " (systemCallsList ++ [ "@resources" ])) "pipe" "pipe2" ];
+        SystemCallFilter = [ ("~" + lib.concatStringsSep " " (systemCallsList ++ [ "@memlock" "@resources" ])) "pipe" "pipe2" ];
       } // cfgService;
     };
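Review bot: The `SystemCallFilter` line gains `@memlock` in its deny-list with no comment and an empty commit message, so a reader cannot tell why memory-locking calls are blocked for the streaming unit or how the change was tested. Because the first list element starts with `~`, systemd treats the whole filter as a deny-list and the trailing `pipe` and `pipe2` entries are carved back out of it; that is worth stating next to the line, e.g. `# Deny-list (leading "~"): blocks the listed groups incl. @memlock (mlock/mlockall family); pipe and pipe2 are re-allowed`. What a denied call does at runtime depends on `SystemCallErrorNumber`, which is not set in the visible lines and presumably comes from `cfgService`; it is worth confirming the streaming process receives an error rather than being killed with SIGSYS if a native dependency tries to lock memory. The enclosing `serviceConfig` set starts outside the hunk.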