mkosi/kodi: cleanup Capability and SystemCallFilter

[dotfiles.git] / mkosi / kodi / mkosi.nspawn

diff --git a/mkosi/kodi/mkosi.nspawn b/mkosi/kodi/mkosi.nspawn
index 2200128314fcf748449b5ad504a938487237e4cf..61bb674d7a8103d4f432b91db449076361493387 100644 (file)
--- a/mkosi/kodi/mkosi.nspawn
+++ b/mkosi/kodi/mkosi.nspawn
@@ -1,7 +1,5 @@
 [Exec]
 PrivateUsers=no
-Capability=all
-SystemCallFilter=@default @raw-io @system-service @known
 
 [Files]
 # binds host kodi home folder into nspawn
@@ -20,6 +18,9 @@ Bind=/dev/tty1
 BindReadOnly=/dev/bus/usb
 BindReadOnly=/dev/dri
 BindReadOnly=/dev/input
+BindReadOnly=/dev/uinput
+# libinput reads this to know about devices
+BindReadOnly=/run/udev
 BindReadOnly=/dev/lirc0
 BindReadOnly=/dev/vga_arbiter
 BindReadOnly=/lib/modules