From 95719938f1e8e62577d4c5631607ac075b78b6d9 Mon Sep 17 00:00:00 2001
From: Tom Ryder
Date: Sun, 13 Sep 2020 01:19:27 +1200
Subject: Remove hardening from systemd units

I suspect most-to-all of this doesn't actually work, and probably shouldn't deploy it unless and until I am.
---
 newsboat/systemd/user/reload-newsboat.service | 20 --------------------
 1 file changed, 20 deletions(-)
(limited to 'newsboat/systemd/user/reload-newsboat.service')
diff --git a/newsboat/systemd/user/reload-newsboat.service b/newsboat/systemd/user/reload-newsboat.service
index 981ef7bc..2699697c 100644
--- a/newsboat/systemd/user/reload-newsboat.service
+++ b/newsboat/systemd/user/reload-newsboat.service
@@ -8,23 +8,3 @@ Type=oneshot
 LogsDirectory=newsboat
 LogsDirectoryMode=0700
 ExecStart=newsboat --execute=reload --log-file=%L/newsboat/%p.log --log-level=5
-# Hardening
-IPAddressDeny=any
-IPAddressAllow=localhost
-KeyringMode=private
-LockPersonality=true
-MemoryDenyWriteExecute=true
-NoNewPrivileges=true
-RestrictAddressFamilies=AF_UNIX
-RestrictAddressFamilies=~AF_UNIX
-RestrictNamespaces=true
-RestrictRealtime=true
-SystemCallArchitectures=native
-SystemCallErrorNumber=EPERM
-SystemCallFilter=@system-service
-SystemCallFilter=~@privileged @resources
-UMask=0077
-# Slowing
-Nice=10
-IOSchedulingClass=best-effort
-IOSchedulingPriority=7
-- 
cgit v1.2.3