From 6d8076f14a67fae2ed7b132da58b781c1ac9ca30 Mon Sep 17 00:00:00 2001
From: Tagada <36127788+Tagadda@users.noreply.github.com>
Date: Sat, 2 Apr 2022 18:08:43 +0200
Subject: [PATCH] fix: Allow Ping Monitor to work

---
 conf/systemd.service | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/conf/systemd.service b/conf/systemd.service
index ee080d4..a246538 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -16,20 +16,20 @@ StandardError=inherit
 # Depending on specificities of your service/app, you may need to tweak these 
 # .. but this should be a good baseline
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
-NoNewPrivileges=yes
+NoNewPrivileges=no
 PrivateTmp=yes
-PrivateDevices=yes
+#PrivateDevices=yes
 # May conflict with SMTP: https://github.com/YunoHost-Apps/uptime-kuma_ynh/issues/6
 # RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-RestrictNamespaces=yes
-RestrictRealtime=yes
+#RestrictNamespaces=yes
+#RestrictRealtime=yes
 DevicePolicy=closed
 ProtectSystem=full
 ProtectControlGroups=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-LockPersonality=yes
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+#ProtectKernelModules=yes
+#ProtectKernelTunables=yes
+#LockPersonality=yes
+#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
 
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
@@ -40,7 +40,7 @@ CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
 CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
 CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
-CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+#CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
 
 [Install]