Blob Blame History Raw
From d0412f2a40b09bad014107ca2c13f9c7c100b7eb Mon Sep 17 00:00:00 2001
From: Hugo Osvaldo Barrera <hugo@whynothugo.nl>
Date: Wed, 11 Oct 2023 18:00:00 +0200
Subject: [PATCH] Drop systemd service hardening

This causes problems and hasn't realistically proved to add any
security.

See: https://gitlab.com/WhyNotHugo/darkman/-/issues/53
---
 darkman.service | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/darkman.service b/darkman.service
index 0c85669..2706bdf 100644
--- a/darkman.service
+++ b/darkman.service
@@ -9,12 +9,6 @@ ExecStart=/usr/bin/darkman run
 Restart=on-failure
 TimeoutStopSec=15
 Slice=background.slice
-# Security hardening:
-LockPersonality=yes
-RestrictNamespaces=yes
-SystemCallArchitectures=native
-SystemCallFilter=@system-service @timer mincore
-MemoryDenyWriteExecute=yes
 
 [Install]
 WantedBy=default.target
-- 
GitLab