build: Make use of StateDirectory and ConfigurationDirectory

This makes use of StateDirectory[1] and ConfigurationDirectory[1] to inform systemd what those paths are used for instead of using ReadWritePaths and ReadOnlyPaths which can lead to issues. Fixes: https://github.com/bluez/bluez/issues/329 [1] https://www.freedesktop.org/software/systemd/man/systemd.exec.html
author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2022-04-15 14:20:46 -0700
committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2022-04-18 16:52:59 -0700
commit: 0905a06410d4a5189f0be81e25eb3c3e8a2199c5 (patch)
tree: 820b29b2d99c351a9cadea6b46c9f9723e976470 /src/bluetooth.service.in
parent: 385e8d649e062e3b265b0970fa5e15107084cd2e (diff)
download: bluez-0905a06410d4a5189f0be81e25eb3c3e8a2199c5.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index f18801866..4d39ad49d 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -15,12 +15,12 @@ LimitNPROC=1
 
 # Filesystem lockdown
 ProtectHome=true
-ProtectSystem=full
+ProtectSystem=strict
 PrivateTmp=true
 ProtectKernelTunables=true
 ProtectControlGroups=true
-ReadWritePaths=@statedir@
-ReadOnlyPaths=@confdir@
+StateDirectory=bluetooth
+ConfigurationDirectory=bluetooth
 
 # Execute Mappings
 MemoryDenyWriteExecute=true
author	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2022-04-15 14:20:46 -0700
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2022-04-18 16:52:59 -0700
commit	0905a06410d4a5189f0be81e25eb3c3e8a2199c5 (patch)
tree	820b29b2d99c351a9cadea6b46c9f9723e976470 /src/bluetooth.service.in
parent	385e8d649e062e3b265b0970fa5e15107084cd2e (diff)
download	bluez-0905a06410d4a5189f0be81e25eb3c3e8a2199c5.tar.gz