Revert "fix(fedimint): run fmcd with seccomp=unconfined so its DHT can start (#7)"

This reverts commit 409543c41e78025354acbdde5ffc6445895d4508.

apps/fedimint-clientd/manifest.yml

@@ -42,12 +42,6 @@ app:
     # skip this whole manifest, so fmcd never ran and federations never joined.)
     # Lock down once the default federation's reachability model is finalized.
     network_policy: bridge
-    # fmcd's Mainline-DHT / iroh transport uses syscalls the default rootless
-    # seccomp profile blocks on some kernels (e.g. .116, kernel 6.12.74), where
-    # fmcd crash-loops "Operation not permitted (os error 1)" and never serves
-    # its REST API — so federations can't be joined (#7). Verified: with
-    # seccomp=unconfined fmcd boots and answers /v2/* (HTTP 401 vs dead 000).
-    seccomp_unconfined: true
 
   ports:
     # fmcd REST bound to 8080 in-container; 8080 collides with LND REST on the

core/archipelago/src/container/quadlet.rs

@@ -149,9 +149,6 @@ pub struct QuadletUnit {
     pub command: Vec<String>,
     pub read_only_root: bool,
     pub no_new_privileges: bool,
-    /// Render `SeccompProfile=unconfined` — for daemons whose networking needs
-    /// syscalls the default rootless seccomp profile blocks (e.g. fmcd, #7).
-    pub seccomp_unconfined: bool,
     pub cpu_quota: Option<u32>,
     pub restart_policy: RestartPolicy,
 }
@@ -255,9 +252,6 @@ impl QuadletUnit {
         if self.no_new_privileges {
             let _ = writeln!(s, "NoNewPrivileges=true");
         }
-        if self.seccomp_unconfined {
-            let _ = writeln!(s, "SeccompProfile=unconfined");
-        }
         if let Some(cpus) = self.cpu_quota {
             let _ = writeln!(s, "PodmanArgs=--cpus={cpus}");
         }
@@ -414,7 +408,6 @@ impl QuadletUnit {
             command: app.container.custom_args.clone(),
             read_only_root: app.security.readonly_root,
             no_new_privileges: app.security.no_new_privileges,
-            seccomp_unconfined: app.security.seccomp_unconfined,
             cpu_quota: app.resources.cpu_limit,
             restart_policy: RestartPolicy::OnFailure,
         }

core/container/src/manifest.rs

@@ -228,13 +228,6 @@ pub struct SecurityPolicy {
     pub network_policy: String,
     #[serde(default)]
     pub apparmor_profile: Option<String>,
-    /// Run the container with `seccomp=unconfined`. Needed by daemons whose
-    /// networking uses syscalls blocked by the default rootless seccomp profile
-    /// on some kernels — e.g. fmcd's Mainline-DHT/iroh transport, which otherwise
-    /// crash-loops with "Operation not permitted (os error 1)" (#7). Opt-in only;
-    /// a mild relaxation, so reserve it for apps that genuinely need it.
-    #[serde(default)]
-    pub seccomp_unconfined: bool,
 }
 
 fn default_true() -> bool {

core/container/src/podman_client.rs

@@ -384,17 +384,6 @@ impl PodmanClient {
                 "nsmode": net_mode
             },
         });
-        // seccomp=unconfined for apps that need syscalls the default rootless
-        // profile blocks (e.g. fmcd's DHT) — libpod takes the literal "unconfined"
-        // as the profile path, mirroring `--security-opt seccomp=unconfined` (#7).
-        if manifest.app.security.seccomp_unconfined {
-            body.as_object_mut()
-                .expect("container create body is a JSON object")
-                .insert(
-                    "seccomp_profile_path".to_string(),
-                    serde_json::json!("unconfined"),
-                );
-        }
         if let Some(network) = custom_network {
             body.as_object_mut()
                 .expect("container create body is a JSON object")