add: verbose syscall filter list for compatibility

4 years ago · a0ef441eea
parent 989ab443b9
commit a0ef441eea
1 changed files with 2 additions and 1 deletions
--- a/myip.service
+++ b/myip.service
@ -13,7 +13,8 @@ LockPersonality=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
 RemoveIPC=true
-SystemCallFilter=@system-service
+SystemCallFilter=@network-io @basic-io @signal @file-system @process @io-event mprotect brk
+SystemCallFilter=~@mount
 ProtectSystem=strict
 ProtectHome=true
 RuntimeDirectory=myip