From 5399e37c56205cacb8373f3310ec69be7c47de63 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 15 Nov 2022 19:16:24 +0000
Subject: [PATCH] Use default sandboxing for tilelog service

---
 cookbooks/tilelog/recipes/default.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/cookbooks/tilelog/recipes/default.rb b/cookbooks/tilelog/recipes/default.rb
index 8a53bab54..44791c288 100644
--- a/cookbooks/tilelog/recipes/default.rb
+++ b/cookbooks/tilelog/recipes/default.rb
@@ -55,12 +55,8 @@ systemd_service "tilelog" do
   user "www-data"
   exec_start "/usr/local/bin/tilelog"
   nice 10
-  private_tmp true
-  private_devices true
-  protect_system "strict"
-  protect_home true
+  sandbox :enable_network => true
   read_write_paths tilelog_output_directory
-  no_new_privileges true
 end
 
 systemd_timer "tilelog" do
-- 
2.39.5