From: Miroslav Lichvar Date: Thu, 15 Jun 2023 13:23:40 +0000 (+0200) Subject: examples: don't set ProcSubset=pid in systemd unit files X-Git-Tag: 4.4-pre2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc7629175025ed1c7cf6458a0cdc79c67d9247fe;p=thirdparty%2Fchrony.git examples: don't set ProcSubset=pid in systemd unit files This option seems to break detection of the FIPS mode, which is needed by gnutls. --- diff --git a/examples/chrony-wait.service b/examples/chrony-wait.service index 72b028f2..374f6333 100644 --- a/examples/chrony-wait.service +++ b/examples/chrony-wait.service @@ -25,7 +25,6 @@ LockPersonality=yes MemoryDenyWriteExecute=yes PrivateDevices=yes PrivateUsers=yes -ProcSubset=pid ProtectClock=yes ProtectControlGroups=yes ProtectHome=yes diff --git a/examples/chronyd-restricted.service b/examples/chronyd-restricted.service index 50998338..30ba7d9f 100644 --- a/examples/chronyd-restricted.service +++ b/examples/chronyd-restricted.service @@ -36,7 +36,6 @@ PrivateDevices=yes PrivateTmp=yes # This breaks adjtimex() #PrivateUsers=yes -ProcSubset=pid ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes diff --git a/examples/chronyd.service b/examples/chronyd.service index 4fb930ef..a42eb92a 100644 --- a/examples/chronyd.service +++ b/examples/chronyd.service @@ -24,7 +24,6 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateTmp=yes -ProcSubset=pid ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes
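Review bot: in examples/chrony-wait.service the removed ProcSubset=pid line may not need to go. The commit message attributes the breakage to FIPS-mode detection needed by gnutls, and nothing in this hunk shows that the wait unit exercises that path. If the command this unit runs never initializes gnutls, keeping ProcSubset=pid here preserves the /proc restriction for the helper. If it does, a sentence in the commit message saying so would settle the question.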
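Review bot: in examples/chronyd-restricted.service the deleted ProcSubset=pid line sits directly below an option that was disabled by commenting it out with a reason ("# This breaks adjtimex()" followed by "#PrivateUsers=yes"), and the same treatment would fit here. Leaving "# This breaks detection of the FIPS mode needed by gnutls" and "#ProcSubset=pid" in place keeps the rationale in the unit file, so that someone hardening the unit later does not re-add the option and reintroduce the breakage.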
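Review bot: the ProcSubset=pid removal in examples/chronyd.service rests on "seems to break detection of the FIPS mode" in the commit message, which does not name what the service can no longer read. ProcSubset=pid hides everything in /proc apart from the per-process directories, and that includes /proc/sys/crypto/fips_enabled, the kernel's FIPS flag. Naming that path in the commit message or in a unit-file comment would make the trade-off checkable and let downstream packagers judge whether they can keep the option.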