From 1a8e7d63480d635d96db70cf842384fbd2ac42aa Mon Sep 17 00:00:00 2001
From: nixbitcoin <nixbitcoin@i2pmail.org>
Date: Wed, 8 Dec 2021 12:13:09 +0000
Subject: [PATCH] clightning: re-enable seccomp filtering

---
 modules/clightning.nix | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/modules/clightning.nix b/modules/clightning.nix
index 1c0cabf..4e1f3dc 100644
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@@ -148,14 +148,6 @@ in {
         Restart = "on-failure";
         RestartSec = "10s";
         ReadWritePaths = cfg.dataDir;
-
-        # TODO-EXTERNAL:
-        # The seccomp version used by systemd in NixOS 21.05 doesn't support
-        # handling syscall 436 (close_range), which has only recently been added:
-        # https://github.com/seccomp/libseccomp/commit/ac849e7960547d418009a783da654d5917dbfe2d
-        #
-        # Disable seccomp filtering because clightning depends on this syscall.
-        SystemCallFilter = [];
       } // nbLib.allowedIPAddresses cfg.tor.enforce;
       # Wait until the rpc socket appears
       postStart = ''