From: Craig Andrews <candrews@xxxxxxxxxxxxxxxx> PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different namespace. This is useful to secure access to temporary files of the process. NoNewPrivileges ensures that service process and all its children can never gain new privileges through execve(), lowering the risk of possible privilege escalations. --- src/bluetooth.service.in | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in index f9faaa452..7c2f60bb4 100644 --- a/src/bluetooth.service.in +++ b/src/bluetooth.service.in @@ -12,8 +12,14 @@ NotifyAccess=main #Restart=on-failure CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE LimitNPROC=1 + +# Filesystem lockdown ProtectHome=true ProtectSystem=full +PrivateTmp=true + +# Privilege escalation +NoNewPrivileges=true [Install] WantedBy=bluetooth.target -- 2.34.1
