r/vmhost: Remove system call filters from unit

The `vm-autostart` script fails with `bad system call` errors when trying to start libvirt domains. Removing the system call filters works around this. Ideally, we should figure out exactly which system call is being rejected and allow it, but that's rather difficult to do and probably not really worth the effort in this case.
2024-01-21 15:53:44 -06:00
parent 823d899e9e
commit d5de7131a0
1 changed files with 0 additions and 2 deletions
--- a/roles/vmhost/files/vm-autostart.service
+++ b/roles/vmhost/files/vm-autostart.service
@@ -37,8 +37,6 @@ RestrictNamespaces=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
 SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallFilter=~@privileged @resources
 UMask=0027

 [Install]