From 12de86ca21795625eb6f089dc984ccaab2c1ec48 Mon Sep 17 00:00:00 2001 From: Andrew Cooks Date: Fri, 19 Jun 2026 15:02:52 +1000 Subject: [PATCH] fix(deploy): drop ReadWritePaths that conflicts with PrivateTmp With PrivateTmp=yes the unit gets a fresh, private /tmp, so the host path /tmp/jittertrap that ReadWritePaths tries to bind-mount does not exist in the unit's namespace and the service fails to start: Failed to set up mount namespacing: /tmp/jittertrap: No such file or directory ... status=226/NAMESPACE PrivateTmp already provides a writable, isolated /tmp, so ReadWritePaths is redundant here. Remove it from both unit files. Co-Authored-By: Claude Opus 4.8 (1M context)
---
 deploy/jittertrap-monitor.service | 2 --
 deploy/jittertrap.service | 2 --
 2 files changed, 4 deletions(-)
diff --git a/deploy/jittertrap-monitor.service b/deploy/jittertrap-monitor.service
index c6c13f3..ce8a0ce 100644
--- a/deploy/jittertrap-monitor.service
+++ b/deploy/jittertrap-monitor.service
@@ -34,8 +34,6 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=no
-# Allow writing pcap files
-ReadWritePaths=/tmp/jittertrap
 # Restart policy
 Restart=on-failure
diff --git a/deploy/jittertrap.service b/deploy/jittertrap.service
index 05f442b..76ba090 100644
--- a/deploy/jittertrap.service
+++ b/deploy/jittertrap.service
@@ -34,8 +34,6 @@ LockPersonality=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=no
-# Allow writing pcap files
-ReadWritePaths=/tmp/jittertrap
 # Restart policy
 Restart=on-failure