From 2889fabaefc50040507ead652d6d2b212f476c2b Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Mon, 1 Feb 2021 13:12:15 -0800
Subject: [PATCH] cmd/tailscaled/tailscaled.service: revert recent hardening
 for now

It broke Debian Stretch. We'll try again later.

Updates #1245

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 cmd/tailscaled/tailscaled.service | 19 -------------------
 1 file changed, 19 deletions(-)

diff --git a/cmd/tailscaled/tailscaled.service b/cmd/tailscaled/tailscaled.service
index 7b847c54e..71dc89f1b 100644
--- a/cmd/tailscaled/tailscaled.service
+++ b/cmd/tailscaled/tailscaled.service
@@ -20,24 +20,5 @@ CacheDirectory=tailscale
 CacheDirectoryMode=0750
 Type=notify
 
-DeviceAllow=/dev/net/tun
-DeviceAllow=/dev/null
-DeviceAllow=/dev/random
-DeviceAllow=/dev/urandom
-DevicePolicy=strict
-LockPersonality=true
-MemoryDenyWriteExecute=true
-PrivateTmp=true
-ProtectClock=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectKernelTunables=true
-ProtectSystem=strict
-ReadWritePaths=/etc/
-ReadWritePaths=/run/
-ReadWritePaths=/var/run/
-RestrictSUIDSGID=true
-SystemCallArchitectures=native
-
 [Install]
 WantedBy=multi-user.target