| author | Craig Andrews <candrews@integralblue.com> | 2022-01-26 12:36:36 +0100 |
|---|---|---|
| committer | Luiz Augusto von Dentz <luiz.von.dentz@intel.com> | 2022-01-31 10:37:54 -0800 |
| commit | 8d2db81eb7f508bbe4c89c3e9178a11ee086912e (patch) | |
| tree | e83c84804bea9da4e1277b7e88d67bf866d6e9cd /src/bluetooth.service.in | |
| parent | caeabc41274fce997edf9314de1d7f1e9ae04055 (diff) | |
| download | bluez-8d2db81eb7f508bbe4c89c3e9178a11ee086912e.tar.gz | |
systemd: Add PrivateTmp and NoNewPrivileges options
PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
namespace. This is useful to secure access to temporary files of the
process.
NoNewPrivileges ensures that the service process and all its children
can never gain new privileges through execve(), lowering the risk of
possible privilege escalations.
Diffstat (limited to 'src/bluetooth.service.in')
-rw-r--r-- | src/bluetooth.service.in | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in index f9faaa452..7c2f60bb4 100644 --- a/src/bluetooth.service.in +++ b/src/bluetooth.service.in @@ -12,8 +12,14 @@ NotifyAccess=main #Restart=on-failure CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE LimitNPROC=1 + +# Filesystem lockdown ProtectHome=true ProtectSystem=full +PrivateTmp=true + +# Privilege escalation +NoNewPrivileges=true [Install] WantedBy=bluetooth.target |
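Review bot: the new `# Privilege escalation` comment above `NoNewPrivileges=true` reads as if the block enables privilege escalation rather than blocking it; suggest `# Prevent privilege escalation` (or `# No privilege escalation`) so the heading matches the setting's intent. It would also help to state in that comment what the option does and does not cover in this unit: the existing `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE` line means bluetoothd keeps those two capabilities, and `NoNewPrivileges=true` only stops the daemon and anything it execs from acquiring additional privileges via setuid/setgid or file-capability binaries; it does not narrow what the service already holds. `PrivateTmp=true` under `# Filesystem lockdown` next to `ProtectHome=true` / `ProtectSystem=full` looks right; one thing to verify before merging is that nothing bluetoothd shares with other processes (sockets, fifos, helper tools) lives in /tmp or /var/tmp, since those paths are now private to the unit.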