systemd: Enable ProtectHome and ProtectSystem options

These options protect from unintended access to the filesystem see SYSTEMD.EXEC(5) for mode detail.
author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2016-04-08 15:08:30 +0300
committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2016-04-08 15:08:30 +0300
commit: 20ab29090d24b34d14712b18040f86f7e10f06f3 (patch)
tree: ec1ee4f79cf791ece238d4ce1b1c0aff32c45c25 /src/bluetooth.service.in
parent: 0628449e0c754a1efdc3d180aae451caf0febf0a (diff)
download: bluez-20ab29090d24b34d14712b18040f86f7e10f06f3.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index 83e4732d0..f799f65f0 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -12,6 +12,8 @@ NotifyAccess=main
 #Restart=on-failure
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 LimitNPROC=1
+ProtectHome=true
+ProtectSystem=full
 
 [Install]
 WantedBy=bluetooth.target
author	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2016-04-08 15:08:30 +0300
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	2016-04-08 15:08:30 +0300
commit	20ab29090d24b34d14712b18040f86f7e10f06f3 (patch)
tree	ec1ee4f79cf791ece238d4ce1b1c0aff32c45c25 /src/bluetooth.service.in
parent	0628449e0c754a1efdc3d180aae451caf0febf0a (diff)
download	bluez-20ab29090d24b34d14712b18040f86f7e10f06f3.tar.gz