Revert some hardening that breaks LXC

For each of these, we should be OK since we run as an unprivileged user anyways.
author: Joshua M. Boniface <joshua@boniface.me> 2021-12-12 16:57:35 -0500
committer: Joshua M. Boniface <joshua@boniface.me> 2021-12-12 16:57:35 -0500
commit: 9a2b88cb1fe19a7b71f5713e4d4685673a6cccdd (patch)
tree: 87ae5eb7829b98e688bf8480bb3f529f2bb86551
parent: 2c6d6dbbf8f9a5d331c04b1eda2af4f9b4da26f6 (diff)
1 files changed, 6 insertions, 6 deletions
diff --git a/debian/jellyfin.service b/debian/jellyfin.service
index 071f949dd..ce0a3cf3d 100644
--- a/debian/jellyfin.service
+++ b/debian/jellyfin.service
@@ -13,17 +13,17 @@ TimeoutSec = 15
 NoNewPrivileges=true
 SystemCallArchitectures=native
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-RestrictNamespaces=true
+RestrictNamespaces=false
 RestrictRealtime=true
 RestrictSUIDSGID=true
 ProtectClock=true
-ProtectControlGroups=true
+ProtectControlGroups=false
 ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
+ProtectKernelLogs=false
+ProtectKernelModules=false
+ProtectKernelTunables=false
 LockPersonality=true
-PrivateTmp=true
+PrivateTmp=false
 PrivateDevices=false
 PrivateUsers=true
 RemoveIPC=true
author	Joshua M. Boniface <joshua@boniface.me>	2021-12-12 16:57:35 -0500
committer	Joshua M. Boniface <joshua@boniface.me>	2021-12-12 16:57:35 -0500
commit	9a2b88cb1fe19a7b71f5713e4d4685673a6cccdd (patch)
tree	87ae5eb7829b98e688bf8480bb3f529f2bb86551
parent	2c6d6dbbf8f9a5d331c04b1eda2af4f9b4da26f6 (diff)