cmd/tailscaled/tailscaled.service: revert recent hardening for now

It broke Debian Stretch. We'll try again later.

Updates #1245

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
pull/1248/head
Brad Fitzpatrick 4 years ago committed by Brad Fitzpatrick
parent 761188e5d2
commit 2889fabaef

@ -20,24 +20,5 @@ CacheDirectory=tailscale
CacheDirectoryMode=0750 CacheDirectoryMode=0750
Type=notify Type=notify
DeviceAllow=/dev/net/tun
DeviceAllow=/dev/null
DeviceAllow=/dev/random
DeviceAllow=/dev/urandom
DevicePolicy=strict
LockPersonality=true
MemoryDenyWriteExecute=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelTunables=true
ProtectSystem=strict
ReadWritePaths=/etc/
ReadWritePaths=/run/
ReadWritePaths=/var/run/
RestrictSUIDSGID=true
SystemCallArchitectures=native
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

Loading…
Cancel
Save