From de497358b84f4b368ce9b637b98ea8899d6b337e Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Thu, 28 Jan 2021 12:57:10 -0800
Subject: [PATCH] cmd/tailscaled: add /run to the allowed paths for iptables.

Signed-off-by: David Anderson
---
 cmd/tailscaled/tailscaled.service | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cmd/tailscaled/tailscaled.service b/cmd/tailscaled/tailscaled.service
index 878e86341..7b847c54e 100644
--- a/cmd/tailscaled/tailscaled.service
+++ b/cmd/tailscaled/tailscaled.service
@@ -34,6 +34,8 @@ ProtectHome=true
 ProtectKernelTunables=true
 ProtectSystem=strict
 ReadWritePaths=/etc/
+ReadWritePaths=/run/
+ReadWritePaths=/var/run/
 RestrictSUIDSGID=true
 SystemCallArchitectures=native
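Review bot: The added `ReadWritePaths=/run/` and `ReadWritePaths=/var/run/` lines make the whole runtime tree writable again under `ProtectSystem=strict`, which is much broader than the iptables need named in the subject; /run typically holds other services' sockets and PID files, so the sandbox no longer keeps the daemon from writing to them. If the requirement is only the iptables lock file (presumably `/run/xtables.lock`, to be confirmed), record that next to the lines, e.g. `# iptables needs its lock file under /run; narrow this once the exact path is pinned`. A listed path that does not exist makes systemd's namespace setup fail unless it carries the `-` prefix, so the second entry is safer as `ReadWritePaths=-/var/run/`. The rest of the [Service] section lies outside the hunk, so any other writable-path settings in the unit could not be checked here.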