Patrick Williams | 03907ee | 2022-05-01 06:28:52 -0500 | [diff] [blame] | 1 | The systemd bluetooth service failed to start because the /var/lib/bluetooth |
| 2 | path of ReadWritePaths= is created by the bluetooth daemon itself. |
| 3 | |
| 4 | The commit systemd: Add more filesystem lockdown (442d211) adds ReadWritePaths=/etc/bluetooth |
| 5 | and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service. |
| 6 | The existing ProtectSystem=full option mounts the /usr, the boot loader |
| 7 | directories and /etc read-only. This means the two options are useless and could be removed. |
| 8 | |
| 9 | Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329] |
| 10 | |
| 11 | Index: bluez-5.64/src/bluetooth.service.in |
| 12 | =================================================================== |
| 13 | --- bluez-5.64.orig/src/bluetooth.service.in |
| 14 | +++ bluez-5.64/src/bluetooth.service.in |
| 15 | @@ -15,12 +15,12 @@ LimitNPROC=1 |
| 16 | |
| 17 | # Filesystem lockdown |
| 18 | ProtectHome=true |
| 19 | -ProtectSystem=full |
| 20 | +ProtectSystem=strict |
| 21 | PrivateTmp=true |
| 22 | ProtectKernelTunables=true |
| 23 | ProtectControlGroups=true |
| 24 | -ReadWritePaths=@statedir@ |
| 25 | -ReadOnlyPaths=@confdir@ |
| 26 | +ConfigurationDirectory=bluetooth |
| 27 | +StateDirectory=bluetooth |
| 28 | |
| 29 | # Execute Mappings |
| 30 | MemoryDenyWriteExecute=true |
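Review bot: The description above does not match what this hunk does. It argues that the two path options are redundant under ProtectSystem=full and "could be removed", but the hunk moves to ProtectSystem=strict and replaces them with ConfigurationDirectory=bluetooth and StateDirectory=bluetooth. The message should explain the change as it is actually made: under strict the whole hierarchy is read-only apart from /dev, /proc and /sys, and StateDirectory= has systemd create /var/lib/bluetooth and keep it writable before the daemon starts, which is what fixes the startup failure. The message also contradicts itself on which path was read-write (/var/lib/bluetooth in the first paragraph, /etc/bluetooth in the second); the removed lines show ReadWritePaths=@statedir@ and ReadOnlyPaths=@confdir@. Two further points on the added lines: the literal name bluetooth replaces the @statedir@ and @confdir@ substitutions, so a build configured with non-default directories would no longer get matching paths in the unit, and StateDirectory= creates the directory with mode 0755 unless StateDirectoryMode= is set, so consider adding StateDirectoryMode=0700 given that this directory holds pairing data.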