blob: 96fdf6b299c49928779ad93dc1d08fcfbd16dab7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
The systemd bluetooth service failed to start because the /var/lib/bluetooth
path of ReadWritePaths= is created by the bluetooth daemon itself.
The commit systemd: Add more filesystem lockdown (442d211) add ReadWritePaths=/etc/bluetooth
and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service.
The existing ProtectSystem=full option mounts the /usr, the boot loader
directories and /etc read-only. This means the two option are useless and could be removed.
Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329]
Index: bluez-5.64/src/bluetooth.service.in
===================================================================
--- bluez-5.64.orig/src/bluetooth.service.in
+++ bluez-5.64/src/bluetooth.service.in
@@ -15,12 +15,12 @@ LimitNPROC=1
# Filesystem lockdown
ProtectHome=true
-ProtectSystem=full
+ProtectSystem=strict
PrivateTmp=true
ProtectKernelTunables=true
ProtectControlGroups=true
-ReadWritePaths=@statedir@
-ReadOnlyPaths=@confdir@
+ConfigurationDirectory=bluetooth
+StateDirectory=bluetooth
# Execute Mappings
MemoryDenyWriteExecute=true
|
