From 7367a8fc4bbb4b8ea3991c9985f463fcdf0aa6d0 Mon Sep 17 00:00:00 2001
From: Chris Down <chris@chrisdown.name>
Date: Fri, 17 Feb 2017 14:05:24 -0500
Subject: [PATCH] Do not filter syscalls in systemd init

Since we don't write the applications we use, this is liable to break
pretty easily for new/older versions than tested on. The other
protections should be sufficient.
---
 init/clipmenud.service | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/init/clipmenud.service b/init/clipmenud.service
index 029ad0c..3912619 100644
--- a/init/clipmenud.service
+++ b/init/clipmenud.service
@@ -7,16 +7,6 @@ Restart=always
 RestartSec=0
 Environment=DISPLAY=:0
 
-SystemCallFilter=@basic-io @default @io-event @ipc @network-io @process \
-                 brk fadvise64 getegid geteuid getgid getgroups getpgrp \
-                 getpid getppid getrlimit getuid ioctl mprotect rt_sigaction \
-                 rt_sigprocmask setitimer setsid sysinfo umask uname wait4
-
-# @file-system will handle this once v233 is released, see
-# http://bit.ly/2l1r8Ah for more details.
-SystemCallFilter=access chdir close faccessat fcntl fstat getcwd mkdir mmap \
-                 munmap open stat statfs unlink
-
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 ProtectControlGroups=yes