Remove SystemCall restrictions from service file

safing · Jan 24, 2022 · ef479e5 · ef479e5
1 parent 2fce078
commit ef479e5
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 9 deletions.
diff --git a/linux/portmaster.service b/linux/portmaster.service
@@ -35,9 +35,9 @@ ProtectControlGroups=yes
 PrivateDevices=yes
 AmbientCapabilities=cap_chown cap_kill cap_net_admin cap_net_bind_service cap_net_broadcast cap_net_raw cap_sys_module cap_sys_ptrace cap_dac_override
 CapabilityBoundingSet=cap_chown cap_kill cap_net_admin cap_net_bind_service cap_net_broadcast cap_net_raw cap_sys_module cap_sys_ptrace cap_dac_override
-SystemCallArchitectures=native
-SystemCallFilter=@system-service @module
-SystemCallErrorNumber=EPERM
+# SystemCallArchitectures=native
+# SystemCallFilter=@system-service @module
+# SystemCallErrorNumber=EPERM
 ExecStart=/opt/safing/portmaster/portmaster-start --data /opt/safing/portmaster core -- $PORTMASTER_ARGS
 ExecStopPost=-/opt/safing/portmaster/portmaster-start recover-iptables
 

diff --git a/linux/templates/snippets/install-systemd-utils.sh b/linux/templates/snippets/install-systemd-utils.sh
@@ -18,12 +18,6 @@ installSystemdSupport() {
             changed="True"
         fi
 
-        # SystemCallFilter groups are added in 231 so make sure we comment it out
-        if [ "${systemd_version}" -lt 231 ]; then
-            sed -i "s/^SystemCall/#SystemCall/g" /opt/safing/portmaster/portmaster.service ||:
-            changed="True"
-        fi
-
         if [ "${changed}" = "True" ] && [ "$1" = "upgrade" ]; then
             systemctl daemon-reload ||:
         fi