From 3fa5f005d44113813a48760739eb46d3b82e2b34 Mon Sep 17 00:00:00 2001
From: Thomas <51749973+Thovi98@users.noreply.github.com>
Date: Wed, 8 Nov 2023 14:16:43 +0100
Subject: [PATCH] further try

---
 conf/bookwyrm-server.service | 2 +-
 conf/bookwyrm-worker.service | 6 ------
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/conf/bookwyrm-server.service b/conf/bookwyrm-server.service
index ad31bf8..3be1160 100644
--- a/conf/bookwyrm-server.service
+++ b/conf/bookwyrm-server.service
@@ -15,7 +15,7 @@ ProtectSystem=strict
 ProtectHome=tmpfs
 #InaccessiblePaths=-/media -/mnt -/srv
 PrivateTmp=yes
-TemporaryFileSystem=/var /run
+#TemporaryFileSystem=/var /run
 #PrivateUsers=true
 PrivateDevices=true
 BindReadOnlyPaths=__INSTALL_DIR__
diff --git a/conf/bookwyrm-worker.service b/conf/bookwyrm-worker.service
index 135c633..f3e9a12 100644
--- a/conf/bookwyrm-worker.service
+++ b/conf/bookwyrm-worker.service
@@ -32,12 +32,6 @@ ProtectControlGroups=true
 RestrictRealtime=true
 RestrictNamespaces=net
-NoNewPrivileges=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-DevicePolicy=closed
-ProtectProc=invisible
-SystemCallArchitectures=native
-#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
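Review bot: Commenting out `TemporaryFileSystem=/var /run` in bookwyrm-server.service drops the empty-tmpfs overlay for all of /var and /run, so the unit regains read access to everything under both trees rather than just the paths it needs; with ProtectSystem=strict still in effect that is the main remaining gap. If the directive was disabled because something under /var or /run (a database socket, a data directory) has to be reachable, the narrower fix is to keep it and expose only those paths with `BindPaths=`/`BindReadOnlyPaths=` next to the existing `BindReadOnlyPaths=__INSTALL_DIR__`. The commit message "further try" gives no rationale, so at minimum a comment above the disabled line would help, e.g. `# TemporaryFileSystem disabled: <reason> — re-enable once the needed /var and /run paths are bind-mounted`. The second file in this patch, bookwyrm-worker.service, removes `NoNewPrivileges`, `RestrictAddressFamilies`, `DevicePolicy`, `ProtectProc` and `SystemCallArchitectures` in one go (that hunk continues past the end of this chunk); these are independent restrictions, and removing them together hides which one, if any, caused the failure being chased.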