From e224913b80e303afd89e3462acc269aa5fbfcbf9 Mon Sep 17 00:00:00 2001 From: Benjamin Berg Date: Fri, 6 Nov 2020 10:22:32 +0100 Subject: [PATCH] Revert "data: Add additional fprintd lockdown" The current lockdown rules prevent USB devices from being accessed and cause threading to not work. As such, revert them until it is clear on how/if we can apply these measures. It is primarily not clear on how to prevent fork/clone as fprintd does not need those. This reverts commit 2fd86624e502687775901e65b005802d47fe7106. See: #82 --- data/fprintd.service.in | 7 ------- 1 file changed, 7 deletions(-) diff --git a/data/fprintd.service.in b/data/fprintd.service.in index daca723..9ea7a2a 100644 --- a/data/fprintd.service.in +++ b/data/fprintd.service.in @@ -15,8 +15,6 @@ ProtectControlGroups=true StateDirectory=fprint ProtectHome=true PrivateTmp=true -ProtectKernelLogs=yes -SystemCallFilter=@system-service # Network PrivateNetwork=true @@ -33,8 +31,3 @@ RestrictRealtime=true # Privilege escalation NoNewPrivileges=true -TasksMax=1 - -# Capabilities -CapabilityBoundingSet= -ProtectClock=yes
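Review bot: In the first hunk (@@ -15,8 +15,6 @@), `ProtectKernelLogs=yes` is dropped together with `SystemCallFilter=@system-service`, but the commit message names only USB device access and threading as the failures and ties neither directive to them. ProtectKernelLogs= only restricts access to the kernel log buffer, so unless testing showed it was involved it could stay in the unit. If the syscall filter is the one that matters, please state in the message which failure it caused, so that #82 records what has to be solved before it is re-applied.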
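Review bot: In the second hunk (@@ -33,8 +31,3 @@), `TasksMax=1` matches the threading failure described in the commit message, since that limit counts threads as well as processes, but `CapabilityBoundingSet=` and `ProtectClock=yes` are removed with it and the message does not say which of them blocks USB access. Suggest testing the two separately and reverting only the one that is implicated; ProtectClock= is documented as implying a DeviceAllow= entry, which is worth checking against the USB device nodes. A short comment in the unit file noting why these settings are absent would keep them from being re-added in the same form.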