From 63157e34d892955234c18461f4c1c14b64912482 Mon Sep 17 00:00:00 2001
From: Chris Dombroski
Date: Mon, 10 Feb 2025 16:29:50 -0500
Subject: [PATCH] nixos/zwave-js-ui: Add chown to allowed syscalls

Closes: #379850
---
 nixos/modules/services/home-automation/zwave-js-ui.nix | 1 +
 nixos/tests/zwave-js-ui.nix | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/home-automation/zwave-js-ui.nix b/nixos/modules/services/home-automation/zwave-js-ui.nix
index 631986510b4f..d33bcbaad2d5 100644
--- a/nixos/modules/services/home-automation/zwave-js-ui.nix
+++ b/nixos/modules/services/home-automation/zwave-js-ui.nix
@@ -111,6 +111,7 @@ in
 SystemCallFilter = [
 "@system-service @pkey"
 "~@privileged @resources"
+ "@chown"
 ];
 UMask = "0077";
 };
diff --git a/nixos/tests/zwave-js-ui.nix b/nixos/tests/zwave-js-ui.nix
index 3aa90d75bb2e..ea468cdd1a5d 100644
--- a/nixos/tests/zwave-js-ui.nix
+++ b/nixos/tests/zwave-js-ui.nix
@@ -25,7 +25,7 @@ import ./make-test-python.nix (
 machine.wait_for_unit("zwave-js-ui.service")
 machine.wait_for_open_port(9999)
 machine.wait_until_succeeds("journalctl --since -1m --unit zwave-js-ui --grep 'Listening on port 9999host :: protocol HTTP'")
- machine.wait_for_file("/var/lib/zwave-js-ui/nodes.json")
+ machine.wait_for_file("/var/lib/zwave-js-ui/users.json")
 '';
 }
 )
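Review bot: The new `"@chown"` entry in SystemCallFilter carries no comment, yet it only takes effect because it is listed after `"~@privileged @resources"`: systemd applies the entries in order and @privileged contains @chown, so moving the line above the deny entry would silently filter those calls again. I would add a comment on that line, for example `# re-allow @chown, which ~@privileged above removes; must stay after it (#379850)`. Allowing the syscalls in seccomp does not by itself grant CAP_CHOWN, so how far this widens the sandbox depends on the unit's User and CapabilityBoundingSet settings, which are not visible here and are worth checking alongside this change. The enclosing attribute set starts outside the hunk.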