From 330b3f748baa6e05229a174415965a065e2f7f0c Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 15 Nov 2022 18:39:59 +0000
Subject: [PATCH] Relax sandboxing to allow JIT for osmosis

---
 cookbooks/planet/recipes/replication.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb
index 85d49bc09..fa9649a38 100644
--- a/cookbooks/planet/recipes/replication.rb
+++ b/cookbooks/planet/recipes/replication.rb
@@ -312,6 +312,7 @@ systemd_service "replication-hourly" do
   exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour"
   environment "LD_PRELOAD" => "/opt/flush/flush.so"
   sandbox :enable_network => true
+  memory_deny_write_execute false
   read_write_paths [
     "/store/planet/replication/hour",
     "/var/lib/replication/hour"
@@ -355,6 +356,7 @@ systemd_service "replication-daily" do
   exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day"
   environment "LD_PRELOAD" => "/opt/flush/flush.so"
   sandbox :enable_network => true
+  memory_deny_write_execute false
   read_write_paths [
     "/store/planet/replication/day",
     "/var/lib/replication/day"
-- 
2.43.2