From 2a16b9d559ea1d81195b8b09bf42ddfe5e9a3d5f Mon Sep 17 00:00:00 2001
From: Justin Ludwig <justin@arcemtene.com>
Date: Sun, 8 Mar 2020 20:14:16 -0700
Subject: [PATCH] relax execmem restrictions for feeder service tls

Signed-off-by: Justin Ludwig <justin@arcemtene.com>
---
 feeder/etc/feeder.service | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/feeder/etc/feeder.service b/feeder/etc/feeder.service
index 8fbaf8f..bd4876f 100644
--- a/feeder/etc/feeder.service
+++ b/feeder/etc/feeder.service
@@ -13,7 +13,9 @@ Restart=always
 
 # HARDENING
 LockPersonality=yes
-MemoryDenyWriteExecute=yes
+# listening for TLS connections requires write+execute memory
+# see https://github.com/pyca/pyopenssl/issues/873
+# MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 PrivateDevices=yes
 PrivateTmp=yes
-- 
2.32.0