diff --git a/synapse-module/default.nix b/synapse-module/default.nix
index 51a0cca..2cc17ae 100644
--- a/synapse-module/default.nix
+++ b/synapse-module/default.nix
@@ -505,9 +505,12 @@ in
           ]) ++ (lib.optionals (cfg.settings.media_store_path != "${cfg.dataDir}/media_store") [
              "${cfg.settings.media_store_path}:/var/lib/matrix-synapse/media_store"
           ]);
-          ReadWritePaths = map (listener: dirOf listener.path) (
-            lib.filter (listener: listener.path != null) cfg.settings.listeners
-          );
+          ReadWritePaths = lib.pipe cfg.settings.listeners [
+            (lib.filter (listener: listener.path != null))
+            (map (listener: dirOf listener.path))
+            (lib.filter (path: path != "/run/matrix-synapse"))
+            lib.uniqueStrings
+          ];
           RemoveIPC = true;
           RestrictAddressFamilies = [
             "AF_INET"
diff --git a/synapse-module/workers.nix b/synapse-module/workers.nix
index e60a3d1..23136de 100644
--- a/synapse-module/workers.nix
+++ b/synapse-module/workers.nix
@@ -442,9 +442,12 @@ in {
           ]) ++ (lib.optionals (cfg.settings.media_store_path != "${cfg.dataDir}/media_store") [
              "${cfg.settings.media_store_path}:/var/lib/matrix-synapse/media_store"
           ]);
-          ReadWritePaths = map (listener: dirOf listener.path) (
-            lib.filter (listener: listener.path != null) cfg.settings.listeners
-          );
+          ReadWritePaths = lib.pipe cfg.settings.listeners [
+            (lib.filter (listener: listener.path != null))
+            (map (listener: dirOf listener.path))
+            (lib.filter (path: path != "/run/matrix-synapse"))
+            lib.uniqueStrings
+          ];
           RemoveIPC = true;
           RestrictAddressFamilies = [
             "AF_INET"