From 3a262c390c511e2007768e7a55c82783fa1f3e2c Mon Sep 17 00:00:00 2001
From: Lucas Werkmeister <mail@lucaswerkmeister.de>
Date: Wed, 8 Feb 2017 00:36:51 +0100
Subject: [PATCH] Temporarily disable SystemCallFilter

systemd applies drop-ins in lexicographical order (to be documented by
systemd/systemd#5262), hence the Z- prefix.

Change-Id: I589b9a4fae5cd5dd107f58f734558bfa31517f4b
---
 debian/cacert-gigi-testing.install                          | 1 +
 debian/cacert-gigi.install                                  | 1 +
 debian/gigi-proxy.service.d/Z-Disable-SystemCallFilter.conf | 3 +++
 3 files changed, 5 insertions(+)
 create mode 100644 debian/gigi-proxy.service.d/Z-Disable-SystemCallFilter.conf

diff --git a/debian/cacert-gigi-testing.install b/debian/cacert-gigi-testing.install
index c78a9de8..c9cf96ad 100644
--- a/debian/cacert-gigi-testing.install
+++ b/debian/cacert-gigi-testing.install
@@ -1,5 +1,6 @@
 debian/gigi-proxy.service /lib/systemd/system
 debian/gigi-proxy.service.d/SystemCallFilter.conf /lib/systemd/system/gigi-proxy.service.d
+debian/gigi-proxy.service.d/Z-Disable-SystemCallFilter.conf /lib/systemd/system/gigi-proxy.service.d
 debian/gigi-proxy.socket /lib/systemd/system
 debian/gigi-standalone.service /lib/systemd/system
 debian/gigi-simple-signer.service /lib/systemd/system
diff --git a/debian/cacert-gigi.install b/debian/cacert-gigi.install
index c78a9de8..c9cf96ad 100644
--- a/debian/cacert-gigi.install
+++ b/debian/cacert-gigi.install
@@ -1,5 +1,6 @@
 debian/gigi-proxy.service /lib/systemd/system
 debian/gigi-proxy.service.d/SystemCallFilter.conf /lib/systemd/system/gigi-proxy.service.d
+debian/gigi-proxy.service.d/Z-Disable-SystemCallFilter.conf /lib/systemd/system/gigi-proxy.service.d
 debian/gigi-proxy.socket /lib/systemd/system
 debian/gigi-standalone.service /lib/systemd/system
 debian/gigi-simple-signer.service /lib/systemd/system
diff --git a/debian/gigi-proxy.service.d/Z-Disable-SystemCallFilter.conf b/debian/gigi-proxy.service.d/Z-Disable-SystemCallFilter.conf
new file mode 100644
index 00000000..d0a49a21
--- /dev/null
+++ b/debian/gigi-proxy.service.d/Z-Disable-SystemCallFilter.conf
@@ -0,0 +1,3 @@
+[Service]
+# SystemCallFilter seems to be broken in some setups in Debian Stretch's systemd 232-r14
+SystemCallFilter=
-- 
2.39.2