From 162fcf6fca49f55ac13a02231963250654b7d14b Mon Sep 17 00:00:00 2001 From: Arnaud Ferraris Date: Wed, 1 Sep 2021 00:26:21 +0200 Subject: [PATCH] d/eg25-manager.service: be less restrictive Additional security options in kernel config make it more picky, removing problematic directives (`DeviceAllow` and `ProtectClock`) from the service file helps getting things straight. Other options aren't recognized by our systemd version (`ProtectKernelModules`, `ProtectProc`, `ProtectDevices` and `ProtectKernelLog`), so we can just as well remove those. --- debian/eg25-manager.service | 6 ------ 1 file changed, 6 deletions(-) diff --git a/debian/eg25-manager.service b/debian/eg25-manager.service index 3af1f99..e9e0815 100644 --- a/debian/eg25-manager.service +++ b/debian/eg25-manager.service @@ -12,17 +12,11 @@ ProtectKernelTunables=true ProtectSystem=strict RestrictSUIDSGID=true PrivateTmp=true -ProtectedKernelModules=true MemoryDenyWriteExecute=true PrivateMounts=true NoNewPrivileges=true CapabilityBoundingSet= -ProtectProc=true -ProtectDevices=true -DeviceAllow=/dev/ttyS2 LockPersonality=true -ProtectClock=true -ProtectKernelLog=true [Install] WantedBy=multi-user.target
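Review bot: the removed `-ProtectedKernelModules=true` line is a misspelling of `ProtectKernelModules=`, so it was ignored because of the typo and not because of the systemd version, as the commit message suggests. Correcting the name would keep that protection instead of dropping it. Two of the other removed lines were also no-ops as written: `ProtectDevices=` is not a systemd directive name, and `ProtectProc=` takes `noaccess`, `invisible`, `ptraceable` or `default`, not a boolean. For the `DeviceAllow=/dev/ttyS2` and `ProtectClock=true` removals, the commit message does not name the kernel option involved or the failure observed. Recording that in the message or in a comment in the unit file, and checking the result with `systemd-analyze security eg25-manager.service` where the installed systemd provides it, would show what sandboxing remains and when these directives can be restored.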