From 7563c0db11be49d9510fc5a8d5e4b6b5fbe7ec67 Mon Sep 17 00:00:00 2001
From: OniriCorpe <oniricorpe@disroot.org>
Date: Wed, 22 May 2024 19:11:11 +0200
Subject: [PATCH] fix systemd sandboxing config

---
 conf/systemd.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/systemd.service b/conf/systemd.service
index 4abad0b..6e0b50d 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -30,7 +30,7 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation
 
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html