From 9b69ce37eb47ab67abb02dfb939dafe0af2c12f6 Mon Sep 17 00:00:00 2001
From: Alexander Gabriel <alexander.gabriel@digital-infinity.de>
Date: Sun, 6 Jun 2021 19:28:32 +0100
Subject: [PATCH] easier service-file, no error on rpi

---
 templates/step-ca.service.j2 | 21 ---------------------
 1 file changed, 21 deletions(-)

diff --git a/templates/step-ca.service.j2 b/templates/step-ca.service.j2
index e7c1de4..928b79f 100644
--- a/templates/step-ca.service.j2
+++ b/templates/step-ca.service.j2
@@ -23,26 +23,5 @@ TimeoutStopSec=30
 StartLimitInterval=30
 StartLimitBurst=3
 
-; Process capabilities & privileges
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-SecureBits=keep-caps
-NoNewPrivileges=yes
-
-; Sandboxing
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-PrivateTmp=true
-PrivateDevices=true
-ProtectControlGroups=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-LockPersonality=true
-RemoveIPC=true
-RestrictRealtime=true
-SystemCallFilter=@system-service
-SystemCallArchitectures=native
-MemoryDenyWriteExecute=true
-ReadWriteDirectories=/etc/step-ca/.step/db
-
 [Install]
 WantedBy=multi-user.target
\ No newline at end of file