From 67f55767513d99a0f8c928aecce1086c556248b6 Mon Sep 17 00:00:00 2001
From: Daniel Richard G <skunk@iSKUNK.ORG>
Date: Mon, 22 May 2023 15:53:40 -0400
Subject: [PATCH] Add syscall filtering to xrdp systemd unit

---
 instfiles/xrdp.service.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/instfiles/xrdp.service.in b/instfiles/xrdp.service.in
index db52e31af8..a0d32ec81c 100644
--- a/instfiles/xrdp.service.in
+++ b/instfiles/xrdp.service.in
@@ -9,6 +9,8 @@ Type=exec
 EnvironmentFile=-@sysconfdir@/sysconfig/xrdp
 EnvironmentFile=-@sysconfdir@/default/xrdp
 ExecStart=@sbindir@/xrdp $XRDP_OPTIONS --nodaemon
+SystemCallArchitectures=native
+SystemCallFilter=@basic-io @file-system @io-event @ipc @network-io @process @signal sysinfo uname
 
 [Install]
 WantedBy=multi-user.target