From 3c176ce1580a3e5232bc1837b51aa3ec288b809d Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Mon, 1 Jul 2019 03:07:14 -0400
Subject: [PATCH] allow permissions openat mkdir

since required in Qubes Debian templates
---
 lib/systemd/system/proc-hidepid.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/systemd/system/proc-hidepid.service b/lib/systemd/system/proc-hidepid.service
index c7feada..f1f7a9b 100644
--- a/lib/systemd/system/proc-hidepid.service
+++ b/lib/systemd/system/proc-hidepid.service
@@ -21,7 +21,7 @@ NoNewPrivileges=true
 RestrictRealtime=true
 SystemCallArchitectures=native
 RestrictNamespaces=true
-SystemCallFilter=mount munmap access read open close stat fstat lstat mmap mprotect brk rt_sigaction rt_sigprocmask execve readlink getrlimit getuid getgid geteuid getegid statfs prctl arch_prctl set_tid_address newfstatat set_robust_list
+SystemCallFilter=mount munmap access read open close stat fstat lstat mmap mprotect brk rt_sigaction rt_sigprocmask execve readlink getrlimit getuid getgid geteuid getegid statfs prctl arch_prctl set_tid_address newfstatat set_robust_list openat mkdir
 
 [Install]
 WantedBy=multi-user.target