diff --git a/.files b/.files
index 29c2f9d..13c205e 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index 98003fc..53357e9 100644
--- a/.rev
+++ b/.rev
@@ -1092,4 +1092,15 @@ By now, it's required for sle-15, so synchronized the updated specfile and chang
- Drop harden_accounts-daemon.service.patch: Seems to conflict with
SELinux since version 22.04.62.
+
+ a15707b5cbeb82707e56607b06ff15e6
+ 22.04.62
+
+ dimstar_suse
+ - Add accountsservice-too-restrictive.patch: weaken upstreams
+ policy of accounts-daemon.service to be similar, but still
+ stricter, to what we had with harden-accounts-daemon.service.patch.
+ Attempt to workaround
+ https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102
+
diff --git a/.servicemark b/.servicemark
index 5ab3b0f..ef9b741 100644
--- a/.servicemark
+++ b/.servicemark
@@ -1 +1 @@
-652f0579944f098ac2f2e8f4832d356e
+cee88a4d8b6449aa72798b090c5064f4
diff --git a/accountsservice-too-restrictive.patch b/accountsservice-too-restrictive.patch
new file mode 100644
index 0000000..62fd04e
--- /dev/null
+++ b/accountsservice-too-restrictive.patch
@@ -0,0 +1,22 @@
+Index: accountsservice-22.04.62/data/accounts-daemon.service.in
+===================================================================
+--- accountsservice-22.04.62.orig/data/accounts-daemon.service.in
++++ accountsservice-22.04.62/data/accounts-daemon.service.in
+@@ -18,7 +18,7 @@ Environment=GVFS_REMOTE_VOLUME_MONITOR_I
+ StateDirectory=AccountsService
+ StateDirectoryMode=0775
+
+-ProtectSystem=strict
++ProtectSystem=false
+ PrivateDevices=true
+ ProtectKernelTunables=true
+ ProtectKernelModules=true
+@@ -33,7 +33,7 @@ PrivateUsers=false
+ RestrictAddressFamilies=AF_UNIX
+ SystemCallArchitectures=native
+ SystemCallFilter=~@mount
+-RestrictNamespaces=true
++RestrictNamespaces=false
+ LockPersonality=true
+ MemoryDenyWriteExecute=true
+ RestrictRealtime=true
diff --git a/accountsservice.changes b/accountsservice.changes
index 2a1d687..2a592fc 100644
--- a/accountsservice.changes
+++ b/accountsservice.changes
@@ -1,4 +1,13 @@
-------------------------------------------------------------------
+Mon Mar 28 11:34:44 UTC 2022 - Dominique Leuenberger
+
+- Add accountsservice-too-restrictive.patch: weaken upstreams
+ policy of accounts-daemon.service to be similar, but still
+ stricter, to what we had with harden-accounts-daemon.service.patch.
+ Attempt to workaround
+ https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102
+
+-------------------------------------------------------------------
Mon Mar 28 07:32:37 UTC 2022 - Dominique Leuenberger
- Drop harden_accounts-daemon.service.patch: Seems to conflict with
diff --git a/accountsservice.spec b/accountsservice.spec
index 397523f..e8194b2 100644
--- a/accountsservice.spec
+++ b/accountsservice.spec
@@ -28,6 +28,8 @@ Source0: https://www.freedesktop.org/software/accountsservice/%{name}-%{v
# WARNING: do not remove/significantly change patch0 without updating the relevant patch in gdm too
# PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071 vuntz@opensuse.org -- Read/write autologin configuration from sysconfig, like gdm (see gdm-sysconfig-settings.patch)
Patch1: accountsservice-sysconfig.patch
+# PATCH-FIX-UPSTREAM accountsservice-too-restrictive.patch https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102 -- Allow NAMESPACE switching until upstream finds the right flag
+Patch2: accountsservice-too-restrictive.patch
## SLE and Leap only patches start at 1000
# PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch fate#318433 cxiong@suse.com -- prevent multiple simultaneous login.
@@ -95,6 +97,7 @@ querying and manipulating user account information.
%prep
%setup -q
%patch1 -p1
+%patch2 -p1
# SLE and Leap patches start at 1000
%if 0%{?sle_version}