From 9f9e1ce504c39788e3e011ab3b83041277eb1da9 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Tue, 2 Dec 2025 13:49:36 +0900
Subject: [PATCH] assets/systemd: remove landlock instructions from seccomp
 filter by default

---
 assets/systemd/muscl.service | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/assets/systemd/muscl.service b/assets/systemd/muscl.service
index 750c7b8..81b6680 100644
--- a/assets/systemd/muscl.service
+++ b/assets/systemd/muscl.service
@@ -51,6 +51,10 @@ RestrictRealtime=true
 RestrictSUIDSGID=true
 SocketBindDeny=any
 SystemCallArchitectures=native
-SystemCallFilter=@system-service @sandbox
+
+SystemCallFilter=@system-service
+# This is needed for landlock
+# SystemCallFilter=@sandbox
 SystemCallFilter=~@privileged @resources
+
 UMask=0777