From caecd83c46bc0fce79e8e550e3c28d33ce32a2c6 Mon Sep 17 00:00:00 2001
From: Vincent Bernat
Date: Thu, 13 Jul 2017 08:47:57 +0200
Subject: [PATCH] daemon: systemd unit cannot use ProtectSystem=strict

lldpd needs to create its socket in `/run`. It's put outside the chroot on purpose but it's not on a directory on its own.
---
 src/daemon/lldpd.service.in | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/daemon/lldpd.service.in b/src/daemon/lldpd.service.in
index 4f4ff0ee..c95afa7d 100644
--- a/src/daemon/lldpd.service.in
+++ b/src/daemon/lldpd.service.in
@@ -18,10 +18,8 @@ PrivateTmp=yes
 # systemd >= 214
 #ProtectHome=yes
 #ProtectSystem=yes
-# systemd >= 231
-#ReadWritePaths=@PRIVSEP_CHROOT@
 # systemd >= 232
-#ProtectSystem=strict
+#ProtectSystem=full
 #ProtectKernelTunables=yes
 #ProtectControlGroups=yes
 #ProtectKernelModules=yes
-- 
2.39.5
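Review bot: The new `#ProtectSystem=full` line sits under the `# systemd >= 232` heading, but as far as I know `full` has been accepted since ProtectSystem= was introduced in 214, so the grouping understates where this hardening can be enabled. It also leaves two ProtectSystem= suggestions in the template (`yes` above, `full` here) with no hint of which one an administrator should uncomment. I would move it into the 214 group as the preferred value and record the reason `strict` is off the table where someone editing the unit will see it, for example `# ProtectSystem=strict is not usable: the control socket is created directly in /run`. If the socket could later live in a directory of its own (for instance one provided through `RuntimeDirectory=`), `strict` together with a narrow `ReadWritePaths=` could probably be restored, though that depends on code outside this hunk.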