From 497c0c8308521c021eb31e51c7d1985326b245ca Mon Sep 17 00:00:00 2001
From: electricface <songwentai@uniontech.com>
Date: Mon, 29 Dec 2025 13:32:14 +0800
Subject: [PATCH] feat: Allow lastore-daemon.service to configure kernel
 parameters

Task: https://pms.uniontech.com/task-view-385069.html
---
 lib/systemd/system/lastore-daemon.service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/systemd/system/lastore-daemon.service b/lib/systemd/system/lastore-daemon.service
index 16c229360..0e0d98c3d 100644
--- a/lib/systemd/system/lastore-daemon.service
+++ b/lib/systemd/system/lastore-daemon.service
@@ -10,7 +10,8 @@ After=display-manager.service
 # PrivateDevices=true is not set because grub-mkconfig is executed when creating backup deployment.
 # PrivateTmp=true is not set because it relies on /tmp to record state.
 # ProtectHome=true is not set because sudo is needed to connect to the user Session Bus and send DDE message notifications.
-# ProtectKernelModules=true is not set because kernel packages need to be installed
+# ProtectKernelModules=true is not set because kernel packages need to be installed.
+# ProtectKernelTunables=true is not set because some packages may need to set kernel parameters during package operations.
 # ProtectProc=true is not set because it needs to access caller process environment variables.
 # ProtectSystem=strict is not set because dpkg needs to be called to upgrade the system.
 # RestrictSUIDSGID=true is not set because some packages may need to set SUID and SGID during installation.
@@ -22,7 +23,6 @@ ExecStart=/usr/libexec/lastore-daemon/lastore-daemon
 NoNewPrivileges=true
 PrivateIPC=true
 ProtectClock=true
-ProtectKernelTunables=true
 RuntimeDirectory=lastore
 RuntimeDirectoryMode=0750
 StandardError=null