I've been on a bit of a mission lately to improve the hardening of
systemd services wherever I can find them. Today, I ran across this one.
I believe the hardening of the bluetooth.service (
https://git.kernel.org/cgit/bluetooth/bluez.git/tree/src/bluetooth.service.in
) can be easily improved by adding these 2 lines:
PrivateTmp=true
NoNewPrivileges=true
If there is agreement, can a committer please make this change?
Thanks,
~Craig
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
