From 245c47e8eef7048456021c7e4b4dbb69489567f8 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 16 Jul 2018 12:15:01 +0100
Subject: [PATCH] Remove the PrivateDevices option from gpx-import

This now implies NoNewPrivileges=true which stops gpx-import
being able to run the (setuid) exim to send mail.
---
 cookbooks/web/recipes/gpx.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cookbooks/web/recipes/gpx.rb b/cookbooks/web/recipes/gpx.rb
index ecf63a9a9..370b3113f 100644
--- a/cookbooks/web/recipes/gpx.rb
+++ b/cookbooks/web/recipes/gpx.rb
@@ -74,7 +74,6 @@ systemd_service "gpx-import" do
   exec_start "#{gpx_directory}/src/gpx-import"
   exec_reload "/bin/kill -HUP $MAINPID"
   private_tmp true
-  private_devices true
   protect_system "full"
   protect_home true
   restart "on-failure"
-- 
2.43.2