mirror of
https://gitlab.postmarketos.org/postmarketOS/pmaports.git
synced 2025-07-16 02:05:11 +03:00
06d1177575
Let's put everything systemd related in an extra-repos directory, so it is clear that the packages from here will end up in a separate, optional binary package repository.
38 lines
756 B
Desktop File
38 lines
756 B
Desktop File
[Unit]
|
|
Description=Bluetooth service
|
|
Documentation=man:bluetoothd(8)
|
|
ConditionPathIsDirectory=/sys/class/bluetooth
|
|
|
|
[Service]
|
|
Type=dbus
|
|
BusName=org.bluez
|
|
ExecStart=/usr/lib/bluetooth/bluetoothd
|
|
NotifyAccess=main
|
|
#WatchdogSec=10
|
|
#Restart=on-failure
|
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
|
|
LimitNPROC=1
|
|
|
|
# Filesystem lockdown
|
|
ProtectHome=true
|
|
ProtectSystem=strict
|
|
PrivateTmp=true
|
|
ProtectKernelTunables=true
|
|
ProtectControlGroups=true
|
|
StateDirectory=bluetooth
|
|
StateDirectoryMode=0700
|
|
ConfigurationDirectory=bluetooth
|
|
ConfigurationDirectoryMode=0555
|
|
|
|
# Execute Mappings
|
|
MemoryDenyWriteExecute=true
|
|
|
|
# Privilege escalation
|
|
NoNewPrivileges=true
|
|
|
|
# Real-time
|
|
RestrictRealtime=true
|
|
|
|
[Install]
|
|
WantedBy=bluetooth.target
|
|
Alias=dbus-org.bluez.service
|