Remove the PrivateDevices option from gpx-import

This now implies NoNewPrivileges=true which stops gpx-import
being able to run the (setuid) exim to send mail.

diff --git a/cookbooks/web/recipes/gpx.rb b/cookbooks/web/recipes/gpx.rb
index ecf63a9a9573dcfeea8b8da0559270d9feb68f56..370b3113fd115d84f2d0df2b7e41b593da5ce422 100644 (file)
--- a/cookbooks/web/recipes/gpx.rb
+++ b/cookbooks/web/recipes/gpx.rb
@@ -74,7 +74,6 @@ systemd_service "gpx-import" do
   exec_start "#{gpx_directory}/src/gpx-import"
   exec_reload "/bin/kill -HUP $MAINPID"
   private_tmp true
-  private_devices true
   protect_system "full"
   protect_home true
   restart "on-failure"