cmd/tailscaled/tailscaled.service: revert recent hardening for now

It broke Debian Stretch. We'll try again later. Updates #1245 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit 2889fabaefc50040507ead652d6d2b212f476c2b)
2025-02-22 04:48:39 +00:00 · 2021-02-01 13:12:15 -08:00 · 2021-02-01 13:12:15 -08:00 · bb0ef32dd2
commit bb0ef32dd2
parent dde7ba4ecf
1 changed files with 0 additions and 19 deletions
--- a/cmd/tailscaled/tailscaled.service
+++ b/cmd/tailscaled/tailscaled.service
@ -20,24 +20,5 @@ CacheDirectory=tailscale
 CacheDirectoryMode=0750
 Type=notify

-DeviceAllow=/dev/net/tun
-DeviceAllow=/dev/null
-DeviceAllow=/dev/random
-DeviceAllow=/dev/urandom
-DevicePolicy=strict
-LockPersonality=true
-MemoryDenyWriteExecute=true
-PrivateTmp=true
-ProtectClock=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectKernelTunables=true
-ProtectSystem=strict
-ReadWritePaths=/etc/
-ReadWritePaths=/run/
-ReadWritePaths=/var/run/
-RestrictSUIDSGID=true
-SystemCallArchitectures=native
-
 [Install]
 WantedBy=multi-user.target