From a734c7ed80f62f545aae689f467bafd815dc3aba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Tue, 9 Apr 2024 15:22:49 +0200
Subject: [PATCH] fix: disable statements that are not supported in RHEL 7
 systemd version

---
 .../rosetta_maintenance_begin.service.j2       | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/templates/usr/local/lib/systemd/system/rosetta_maintenance_begin.service.j2 b/templates/usr/local/lib/systemd/system/rosetta_maintenance_begin.service.j2
index 056d22d..9a63802 100644
--- a/templates/usr/local/lib/systemd/system/rosetta_maintenance_begin.service.j2
+++ b/templates/usr/local/lib/systemd/system/rosetta_maintenance_begin.service.j2
@@ -15,15 +15,15 @@ Group={{ vault_rosetta_group }}
 # or at `man (5) systemd.exec`
 ProtectSystem=strict
 ProtectHome=read-only
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-LockPersonality=true
-MemoryDenyWriteExecute=true
-RestrictRealtime=true
+#ProtectHostname=true
+#ProtectClock=true
+#ProtectKernelTunables=true
+#ProtectKernelModules=true
+#ProtectKernelLogs=true
+#ProtectControlGroups=true
+#LockPersonality=true
+#MemoryDenyWriteExecute=true
+#RestrictRealtime=true
 #RestrictSUIDSGID=true
 ## RemoveIPC=true
 ## PrivateMounts=true
-- 
GitLab