Blame accountsservice-too-restrictive.patch
|
|
29e9f4 |
Index: accountsservice-22.04.62/data/accounts-daemon.service.in
|
|
|
29e9f4 |
===================================================================
|
|
|
29e9f4 |
--- accountsservice-22.04.62.orig/data/accounts-daemon.service.in
|
|
|
29e9f4 |
+++ accountsservice-22.04.62/data/accounts-daemon.service.in
|
|
|
29e9f4 |
@@ -18,7 +18,7 @@ Environment=GVFS_REMOTE_VOLUME_MONITOR_I
|
|
|
29e9f4 |
StateDirectory=AccountsService
|
|
|
29e9f4 |
StateDirectoryMode=0775
|
|
|
29e9f4 |
|
|
|
29e9f4 |
-ProtectSystem=strict
|
|
|
29e9f4 |
+ProtectSystem=false
|
|
|
29e9f4 |
PrivateDevices=true
|
|
|
29e9f4 |
ProtectKernelTunables=true
|
|
|
29e9f4 |
ProtectKernelModules=true
|
|
|
29e9f4 |
@@ -33,7 +33,7 @@ PrivateUsers=false
|
|
|
29e9f4 |
RestrictAddressFamilies=AF_UNIX
|
|
|
29e9f4 |
SystemCallArchitectures=native
|
|
|
29e9f4 |
SystemCallFilter=~@mount
|
|
|
29e9f4 |
-RestrictNamespaces=true
|
|
|
29e9f4 |
+RestrictNamespaces=false
|
|
|
29e9f4 |
LockPersonality=true
|
|
|
29e9f4 |
MemoryDenyWriteExecute=true
|
|
|
29e9f4 |
RestrictRealtime=true
|