From 2f02cc83adf1ffd6821d6cf6f963da824c66f5ef Mon Sep 17 00:00:00 2001
From: Lukas Rusak <lorusak@gmail.com>
Date: Sun, 7 Jul 2019 09:35:28 -0700
Subject: [PATCH] iwd: disable seccomp options for now as it breaks the service

---
 packages/network/iwd/package.mk | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/packages/network/iwd/package.mk b/packages/network/iwd/package.mk
index 4c32d1bdc4..5b9e798471 100644
--- a/packages/network/iwd/package.mk
+++ b/packages/network/iwd/package.mk
@@ -20,6 +20,20 @@ pre_configure_target() {
   export LIBS="-lncurses"
 }
 
+post_makeinstall_target() {
+  # ProtectSystem et al seems to break the service when systemd isn't built with seccomp.
+  # investigate this more as it might be a systemd problem or kernel problem
+  sed -e 's|^\(PrivateTmp=.*\)$|#\1|g' \
+      -e 's|^\(NoNewPrivileges=.*\)$|#\1|g' \
+      -e 's|^\(PrivateDevices=.*\)$|#\1|g' \
+      -e 's|^\(ProtectHome=.*\)$|#\1|g' \
+      -e 's|^\(ProtectSystem=.*\)$|#\1|g' \
+      -e 's|^\(ReadWritePaths=.*\)$|#\1|g' \
+      -e 's|^\(ProtectControlGroups=.*\)$|#\1|g' \
+      -e 's|^\(ProtectKernelModules=.*\)$|#\1|g' \
+      -i $INSTALL/usr/lib/systemd/system/iwd.service
+}
+
 post_install() {
   enable_service iwd.service
 }