From 4a8dfbb37eb52d92e42b71635aca4b0656ef2dbc Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Sun, 27 Nov 2022 18:45:13 +0000
Subject: [PATCH] Use default sandbox for planetdump

---
 cookbooks/planet/recipes/dump.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb
index 95c0a4a69..d56575011 100644
--- a/cookbooks/planet/recipes/dump.rb
+++ b/cookbooks/planet/recipes/dump.rb
@@ -115,9 +115,7 @@ systemd_service "planetdump@" do
   user "www-data"
   exec_start "/usr/local/bin/planetdump %i"
   memory_max "64G"
-  private_tmp true
-  protect_system "strict"
-  protect_home true
+  sandbox true
   read_write_paths [
     "/store/planetdump",
     "/store/planet/pbf",
-- 
2.43.2