From bc7629175025ed1c7cf6458a0cdc79c67d9247fe Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Thu, 15 Jun 2023 15:23:40 +0200
Subject: [PATCH] examples: don't set ProcSubset=pid in systemd unit files

This option seems to break detection of the FIPS mode, which is needed by gnutls.
---
 examples/chrony-wait.service | 1 -
 examples/chronyd-restricted.service | 1 -
 examples/chronyd.service | 1 -
 3 files changed, 3 deletions(-)

diff --git a/examples/chrony-wait.service b/examples/chrony-wait.service
index 72b028f..374f633 100644
--- a/examples/chrony-wait.service
+++ b/examples/chrony-wait.service
@@ -25,7 +25,6 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 PrivateDevices=yes
 PrivateUsers=yes
-ProcSubset=pid
 ProtectClock=yes
 ProtectControlGroups=yes
 ProtectHome=yes
diff --git a/examples/chronyd-restricted.service b/examples/chronyd-restricted.service
index 5099833..30ba7d9 100644
--- a/examples/chronyd-restricted.service
+++ b/examples/chronyd-restricted.service
@@ -36,7 +36,6 @@ PrivateDevices=yes
 PrivateTmp=yes
 # This breaks adjtimex()
 #PrivateUsers=yes
-ProcSubset=pid
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectHostname=yes
diff --git a/examples/chronyd.service b/examples/chronyd.service
index 4fb930e..a42eb92 100644
--- a/examples/chronyd.service
+++ b/examples/chronyd.service
@@ -24,7 +24,6 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 PrivateTmp=yes
-ProcSubset=pid
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectHostname=yes
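Review bot: The `ProcSubset=pid` line is removed from chrony-wait.service, chronyd-restricted.service and chronyd.service without leaving any trace in the files, although chronyd-restricted.service already documents a disabled hardening option in place (`# This breaks adjtimex()` above `#PrivateUsers=yes`). Following that convention, e.g. `# This breaks detection of the FIPS mode (needed by gnutls)` above `#ProcSubset=pid`, would stop someone from re-adding the option during a later sandbox-tightening pass. Without `ProcSubset=pid` the services regain visibility of the non-process entries under /proc, so it is worth confirming that `ProtectProc=` and `ProtectKernelTunables=` are set in the parts of the units outside these hunks. Whether they are cannot be told from the context lines shown here.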