From fa3e1202c47a450bad4c0a054daaef4266303050 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 26 Jan 2024 09:24:41 -0500
Subject: [PATCH] Relax systemd device policy to allow /dev/fuse access

---
 confluent_server/systemd/confluent.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confluent_server/systemd/confluent.service b/confluent_server/systemd/confluent.service
index da0fee7b..598c23c9 100644
--- a/confluent_server/systemd/confluent.service
+++ b/confluent_server/systemd/confluent.service
@@ -16,7 +16,7 @@ Restart=on-failure
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID CAP_CHOWN CAP_NET_RAW
 User=confluent
 Group=confluent
-DevicePolicy=closed
+#DevicePolicy=closed # fuse filesystem requires us to interact with /dev/fuse
 ProtectControlGroups=true
 ProtectSystem=true