From 2446c2bd4b0d1ab6c989031f1ca0185a4eb9900b Mon Sep 17 00:00:00 2001
From: niten
Date: Sun, 22 Jan 2023 15:37:01 -0800
Subject: [PATCH] Remove some protections
---
 objectifier-module.nix | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/objectifier-module.nix b/objectifier-module.nix
index 5ecd923..52e586d 100644
--- a/objectifier-module.nix
+++ b/objectifier-module.nix
@@ -67,13 +67,13 @@ in {
 serviceConfig = {
 PrivateUsers = true;
 PrivateDevices = true;
- PrivateTmp = true;
- PrivateMounts = true;
- ProtectControlGroups = true;
+ # PrivateTmp = true;
+ # PrivateMounts = true;
+ # ProtectControlGroups = true;
 ProtectKernelTunables = true;
 ProtectKernelModules = true;
- ProtectSystem = true;
- ProtectHostname = true;
+ # ProtectSystem = true;
+ # ProtectHostname = true;
 ProtectHome = true;
 ProtectClock = true;
 ProtectKernelLogs = true;
@@ -90,7 +90,6 @@ in {
 RestartSec = "5s";
 Type = "simple";
 PIDFile = "/run/objectifier.pid";
- ReadWritePaths = [ "/run" ];
 ExecStart = let bindClause = concatStringsSep " " (map (addr: "--bind ${addr}:${toString cfg.port}")
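Review bot: In the first hunk, five sandboxing options in `serviceConfig` (`PrivateTmp`, `PrivateMounts`, `ProtectControlGroups`, `ProtectSystem`, `ProtectHostname`) are disabled by commenting them out, and neither the hunk nor the commit message records which of them the service actually conflicted with. If only one caused the failure, the other four should stay enabled; without `PrivateTmp` the unit shares the host's /tmp, and without `ProtectSystem` the /usr and /boot trees are no longer mounted read-only for it. Presumably the trigger was a write to some path, which is not visible here; if so, keeping `ProtectSystem = true;` and opening only that path with `ReadWritePaths` or `StateDirectory` would be narrower than dropping the protection. At minimum, replace each dead line with a reason, e.g. `# PrivateTmp disabled: <reason>`, so a later reader knows whether it is safe to turn back on. The `serviceConfig` block starts and ends outside this hunk.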