From d692e80558e2d8a1a19c018ae93a9e49e2fa3a38 Mon Sep 17 00:00:00 2001
From: Thomas <51749973+Thovi98@users.noreply.github.com>
Date: Fri, 10 Nov 2023 09:04:13 +0100
Subject: [PATCH] Update bookwyrm-server.service
---
 conf/bookwyrm-server.service | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/conf/bookwyrm-server.service b/conf/bookwyrm-server.service
index 60a0061..17e73b6 100644
--- a/conf/bookwyrm-server.service
+++ b/conf/bookwyrm-server.service
@@ -1,4 +1,3 @@
-
 [Unit]
 Description=__APP__ application server
 After=network.target postgresql.service redis.service
@@ -19,7 +18,7 @@ TemporaryFileSystem=/var /run
 #PrivateUsers=true
 PrivateDevices=true
 BindReadOnlyPaths=__INSTALL_DIR__
-#BindPaths=__INSTALL_DIR__/images __INSTALL_DIR__/static /var/run/postgresql
+BindPaths=__INSTALL_DIR__/images __INSTALL_DIR__/static /var/run/postgresql
 LockPersonality=yes
 MemoryDenyWriteExecute=true
 PrivateMounts=true
@@ -37,7 +36,7 @@ RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
 DevicePolicy=closed
 ProtectProc=invisible
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
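Review bot: The re-enabled `BindPaths=` line in the second hunk makes `/var/run/postgresql` writable inside the sandbox along with the two media directories, and nothing in the patch says the socket directory needs write access. If the service only connects to the PostgreSQL socket there, a read-only bind is probably enough (to be confirmed on a test install): `BindReadOnlyPaths=__INSTALL_DIR__ /var/run/postgresql` and `BindPaths=__INSTALL_DIR__/images __INSTALL_DIR__/static`. A one-line comment above `BindPaths=` stating that these are the only writable paths under the read-only `__INSTALL_DIR__` would also keep the line from being commented out again without a reason.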
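Review bot: Commenting out `SystemCallFilter=` in the third hunk drops the unit's entire syscall denylist, so `@mount`, `@module`, `@privileged` and the other listed groups are no longer denied, and the patch does not record which call was being blocked. The narrower change is to find the denied syscall in the journal or audit log and remove only the group that contains it. For example, if the failure turns out to come from `@setuid` or `@privileged` (not determinable from this diff), use `SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @swap @cpu-emulation`. If the line must stay disabled for now, add a comment above it naming the failing operation so the filter can be restored later.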