From 9a2b88cb1fe19a7b71f5713e4d4685673a6cccdd Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Sun, 12 Dec 2021 16:57:35 -0500
Subject: [PATCH] Revert some hardening that breaks LXC

For each of these, we should be OK since we run as an unprivileged user
anyways.
---
 debian/jellyfin.service | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/debian/jellyfin.service b/debian/jellyfin.service
index 071f949dd9..ce0a3cf3db 100644
--- a/debian/jellyfin.service
+++ b/debian/jellyfin.service
@@ -13,17 +13,17 @@ TimeoutSec = 15
 NoNewPrivileges=true
 SystemCallArchitectures=native
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-RestrictNamespaces=true
+RestrictNamespaces=false
 RestrictRealtime=true
 RestrictSUIDSGID=true
 ProtectClock=true
-ProtectControlGroups=true
+ProtectControlGroups=false
 ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
+ProtectKernelLogs=false
+ProtectKernelModules=false
+ProtectKernelTunables=false
 LockPersonality=true
-PrivateTmp=true
+PrivateTmp=false
 PrivateDevices=false
 PrivateUsers=true
 RemoveIPC=true