From f56840a68271c52fa17a51f7de2601e55da14018 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 19 Oct 2016 23:11:26 +0200 Subject: [PATCH] Don't let systemd hide /home and /tmp Admins might expect ejabberd to be able to access data below /home or /tmp. For example, they might use those locations to dump/restore Mnesia backups, or as a document root for mod_http_fileserver or mod_http_upload. Fixes #1297. --- ejabberd.service.template | 2 -- 1 file changed, 2 deletions(-) diff --git a/ejabberd.service.template b/ejabberd.service.template index 49ba14737..fdb8fd0b7 100644 --- a/ejabberd.service.template +++ b/ejabberd.service.template @@ -14,9 +14,7 @@ Type=oneshot RemainAfterExit=yes # The CAP_DAC_OVERRIDE capability is required for pam authentication to work CapabilityBoundingSet=CAP_DAC_OVERRIDE -PrivateTmp=true PrivateDevices=true -ProtectHome=true ProtectSystem=full NoNewPrivileges=true
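Review bot: dropping both `PrivateTmp=true` and `ProtectHome=true` from the `@@ -14,9 +14,7 @@` hunk removes the /home and /tmp isolation for every install, including those that never use those paths for Mnesia backups, mod_http_fileserver or mod_http_upload. The unit still carries `CapabilityBoundingSet=CAP_DAC_OVERRIDE`, so a process holding that capability is not held back by file permissions alone, and these two directives were part of what limited its reach. Consider keeping the directives in the template and documenting a drop-in override for admins who need /home or /tmp. If write access is not required for a given use case, `ProtectHome=read-only` is a narrower setting than removing the directive. If the removal stays, add a comment next to `PrivateDevices=true` explaining why the two options are deliberately absent, so that a later hardening pass does not re-add them and reintroduce #1297.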