https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/8f35e18d18b18b8db959793fe73fc594e5da8cd5

From 8f35e18d18b18b8db959793fe73fc594e5da8cd5 Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Wed, 17 Sep 2025 10:21:10 +0200
Subject: [PATCH] systemd: remove RestrictNamespaces from service file

Wireplumber loads the libcamera nodes into the pipewire server.
We need to remove the RestrictNamespaces option from the service file
to allow libcamera to load sandboxed IPA modules.
---
 src/daemon/systemd/system/pipewire.service.in | 1 -
 src/daemon/systemd/user/pipewire.service.in   | 1 -
 2 files changed, 2 deletions(-)

diff --git a/src/daemon/systemd/system/pipewire.service.in b/src/daemon/systemd/system/pipewire.service.in
index dc8db3f8f0..aeddea3008 100644
--- a/src/daemon/systemd/system/pipewire.service.in
+++ b/src/daemon/systemd/system/pipewire.service.in
@@ -18,7 +18,6 @@ Requires=pipewire.socket
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
-RestrictNamespaces=yes
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
 Type=simple
diff --git a/src/daemon/systemd/user/pipewire.service.in b/src/daemon/systemd/user/pipewire.service.in
index 27818b4b94..c2621e421d 100644
--- a/src/daemon/systemd/user/pipewire.service.in
+++ b/src/daemon/systemd/user/pipewire.service.in
@@ -20,7 +20,6 @@ ConditionUser=!root
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
-RestrictNamespaces=yes
 SystemCallArchitectures=native
 SystemCallFilter=@system-service mincore
 Type=simple
-- 
GitLab