From dfd3fc861bee8d04e0dfff8d74e021dbfb5b5968 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Wed, 14 Sep 2022 18:24:08 -0400
Subject: [PATCH] avoid disallowing chown syscall for certbot-renew

---
 systemd/system/certbot-renew.service.d/local.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/systemd/system/certbot-renew.service.d/local.conf b/systemd/system/certbot-renew.service.d/local.conf
index 194fd22..6d1e93b 100644
--- a/systemd/system/certbot-renew.service.d/local.conf
+++ b/systemd/system/certbot-renew.service.d/local.conf
@@ -25,5 +25,5 @@ RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
 SystemCallArchitectures=native
-SystemCallFilter=@system-service @chown
-SystemCallFilter=~@privileged @resources @obsolete
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources @obsolete