From ad48c8a88144397c127a9f01a9ad42e60baf1d13 Mon Sep 17 00:00:00 2001
From: max furman <mx.furman@gmail.com>
Date: Mon, 1 Mar 2021 15:48:07 -0800
Subject: [PATCH] [systemd file] add note about commenting sandboxing section
 for troubleshooting

---
 systemd/step-ca.service | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/systemd/step-ca.service b/systemd/step-ca.service
index 48dae272..d500ab59 100644
--- a/systemd/step-ca.service
+++ b/systemd/step-ca.service
@@ -32,6 +32,8 @@ NoNewPrivileges=yes
 ; Sandboxing
 ; This sandboxing works with YubiKey PIV (via pcscd HTTP API), but it is likely
 ; too restrictive for PKCS#11 HSMs.
+;
+; NOTE: Comment out the rest of this section for troubleshooting.
 ProtectSystem=full
 ProtectHome=true
 RestrictNamespaces=true