Hi, On Fri, Apr 8, 2016 at 3:18 PM, Luiz Augusto von Dentz <luiz.dentz@xxxxxxxxx> wrote: > From: Luiz Augusto von Dentz <luiz.von.dentz@xxxxxxxxx> > > These options protect from unintended access to the filesystem see > SYSTEMD.EXEC(5) for mode detail. > --- > src/bluetooth.service.in | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in > index 83e4732..f799f65 100644 > --- a/src/bluetooth.service.in > +++ b/src/bluetooth.service.in > @@ -12,6 +12,8 @@ NotifyAccess=main > #Restart=on-failure > CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE > LimitNPROC=1 > +ProtectHome=true > +ProtectSystem=full > > [Install] > WantedBy=bluetooth.target > -- > 2.5.0 Applied. -- Luiz Augusto von Dentz -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
