systemd: Enable ProtectHome and ProtectSystem options These options protect from unintended access to the filesystem see SYSTEMD.EXEC(5) for mode detail.

commit: 20ab29090d24b34d14712b18040f86f7e10f06f3 [log] [tgz]
author: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Fri Apr 08 15:08:30 2016 +0300
committer: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> Fri Apr 08 15:08:30 2016 +0300
tree: ec1ee4f79cf791ece238d4ce1b1c0aff32c45c25
parent: 0628449e0c754a1efdc3d180aae451caf0febf0a [diff]
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index 83e4732..f799f65 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in

@@ -12,6 +12,8 @@
 #Restart=on-failure
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 LimitNPROC=1
+ProtectHome=true
+ProtectSystem=full
 
 [Install]
 WantedBy=bluetooth.target
commit	20ab29090d24b34d14712b18040f86f7e10f06f3	[log] [tgz]
author	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	Fri Apr 08 15:08:30 2016 +0300
committer	Luiz Augusto von Dentz <luiz.von.dentz@intel.com>	Fri Apr 08 15:08:30 2016 +0300
tree	ec1ee4f79cf791ece238d4ce1b1c0aff32c45c25
parent	0628449e0c754a1efdc3d180aae451caf0febf0a [diff]