From 688ef43fba6149fbf983c526bbb3888e562d3007 Mon Sep 17 00:00:00 2001 From: Leo Antunes Date: Tue, 2 Nov 2021 23:35:15 +0100 Subject: [PATCH] systemd: downgrade ProtectSystem to "true" from "full" this should enable interacting with tools such as ufw Closes: #927883 --- debian/knockd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/knockd.service b/debian/knockd.service index 48d51bd..11795f6 100644 --- a/debian/knockd.service +++ b/debian/knockd.service @@ -10,7 +10,7 @@ ExecStart=/usr/sbin/knockd $KNOCKD_OPTS ExecReload=/bin/kill -HUP $MAINPID KillMode=mixed SuccessExitStatus=0 2 15 -ProtectSystem=full +ProtectSystem=true CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_MODULE [Install]