From a226ecb27f7321ca750b661b25a2a8292a0239b0 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Wed, 18 Oct 2023 01:07:56 +0200
Subject: [PATCH] fix(kanidm): allow restarter to run

---
 modules/meta/kanidm.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/meta/kanidm.nix b/modules/meta/kanidm.nix
index e8fd67e..b28f842 100644
--- a/modules/meta/kanidm.nix
+++ b/modules/meta/kanidm.nix
@@ -88,10 +88,10 @@
     ProtectHostname = true;
     # Would re-mount paths ignored by temporary root
     #ProtectSystem = "strict";
-    ProtectControlGroups = true;
+    # ProtectControlGroups = true; # needed for restarter script
     ProtectKernelLogs = true;
     ProtectKernelModules = true;
-    ProtectKernelTunables = true;
+    # ProtectKernelTunables = true; # needed for restarter script
     ProtectProc = "invisible";
     RestrictAddressFamilies = [];
     RestrictNamespaces = true;