From 53689df6456e629959b9c0ec19b09c2cb16424eb Mon Sep 17 00:00:00 2001
From: Jip-Hop <2871973+Jip-Hop@users.noreply.github.com>
Date: Sat, 27 Jan 2024 12:23:45 +0100
Subject: [PATCH] Remove redundant system-call-filter

Since SYSTEMD_SECCOMP=0 adding system-call-filter is redundant
---
 jlmkr.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/jlmkr.py b/jlmkr.py
index 32d9546..2281f19 100755
--- a/jlmkr.py
+++ b/jlmkr.py
@@ -389,7 +389,6 @@ def start_jail(jail_name, check_startup_enabled=False):
 # Add additional flags required for docker
 systemd_nspawn_additional_args += [
 "--capability=all",
- "--system-call-filter=add_key keyctl bpf",
 ]

 # Legacy gpu_passthrough config setting
@@ -978,7 +977,12 @@ def create_jail(jail_name, distro="debian", release="bookworm"):
 "--setenv=SYSTEMD_NSPAWN_LOCK=0",
 ]

- systemd_nspawn_default_args = ["--keep-unit", "--quiet", "--boot", "--bind-ro=/sys/module"]
+ systemd_nspawn_default_args = [
+ "--keep-unit",
+ "--quiet",
+ "--boot",
+ "--bind-ro=/sys/module",
+ ]

 config = cleandoc(
 f"""
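Review bot: In start_jail's docker branch (first hunk) the comment `# Add additional flags required for docker` now sits above a list holding only `--capability=all`, and nothing in the code records that the add_key/keyctl/bpf allowance was dropped because seccomp filtering is switched off. The commit message attributes the redundancy to SYSTEMD_SECCOMP=0, which is set outside this hunk, so the dependency is invisible here; if that variable is later removed to restore syscall filtering, Docker inside the jail would presumably lose those syscalls again. I would add a comment above the list such as `# No --system-call-filter needed: seccomp is disabled via SYSTEMD_SECCOMP=0`. Since this path combines all capabilities with no syscall filter, the same comment could note that the jail should not be relied on as an isolation boundary in this mode. start_jail begins and ends outside the hunk.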