cmd/tailscaled/tailscaled.service: revert recent hardening for now

It broke Debian Stretch. We'll try again later. Updates #1245 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit 2889fabaef)
2025-11-16 02:44:28 +00:00 · 2021-02-01 13:12:15 -08:00
parent dde7ba4ecf
commit bb0ef32dd2
1 changed files with 0 additions and 19 deletions
--- a/cmd/tailscaled/tailscaled.service
+++ b/cmd/tailscaled/tailscaled.service
@@ -20,24 +20,5 @@ CacheDirectory=tailscale
 CacheDirectoryMode=0750
 Type=notify

-DeviceAllow=/dev/net/tun
-DeviceAllow=/dev/null
-DeviceAllow=/dev/random
-DeviceAllow=/dev/urandom
-DevicePolicy=strict
-LockPersonality=true
-MemoryDenyWriteExecute=true
-PrivateTmp=true
-ProtectClock=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectKernelTunables=true
-ProtectSystem=strict
-ReadWritePaths=/etc/
-ReadWritePaths=/run/
-ReadWritePaths=/var/run/
-RestrictSUIDSGID=true
-SystemCallArchitectures=native
-
 [Install]
 WantedBy=multi-user.target