2022-01-26 21:12:12

by Bastien Nocera

Subject: [PATCH 1/4] build: Always define confdir and statedir

As we will need those paths to lock down on them.
---
Makefile.am | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index e391d7ae8..2ba25e687 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -28,14 +28,14 @@ AM_CFLAGS = $(MISC_CFLAGS) $(WARNING_CFLAGS) $(UDEV_CFLAGS) $(LIBEBOOK_CFLAGS) \
$(LIBEDATASERVER_CFLAGS) $(ell_cflags)
AM_LDFLAGS = $(MISC_LDFLAGS)

+confdir = $(sysconfdir)/bluetooth
+statedir = $(localstatedir)/lib/bluetooth
+
if DATAFILES
dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d
dbus_DATA = src/bluetooth.conf

-confdir = $(sysconfdir)/bluetooth
conf_DATA =
-
-statedir = $(localstatedir)/lib/bluetooth
state_DATA =
endif
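Review bot: the commit message names no consumer for the now-unconditional `confdir` and `statedir`; on its own this hunk changes nothing for builds with DATAFILES enabled, so state which later patch in the series reads these variables (the "lock down" step) so that the reason survives in `git log`. The move itself is sound: `conf_DATA` and `state_DATA` stay inside `if DATAFILES`, so nothing extra is installed when DATAFILES is off, and the two definitions are only evaluated earlier.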

--
2.34.1


2022-01-26 21:12:24

by Bastien Nocera

Subject: [PATCH 2/4] systemd: Add PrivateTmp and NoNewPrivileges options

From: Craig Andrews <[email protected]>

PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different
namespace. This is useful to secure access to temporary files of the
process.

NoNewPrivileges ensures that the service process and all its children
can never gain new privileges through execve(), lowering the risk of
possible privilege escalations.
---
src/bluetooth.service.in | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index f9faaa452..7c2f60bb4 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -12,8 +12,14 @@ NotifyAccess=main
#Restart=on-failure
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
LimitNPROC=1
+
+# Filesystem lockdown
ProtectHome=true
ProtectSystem=full
+PrivateTmp=true
+
+# Privilege escalation
+NoNewPrivileges=true

[Install]
WantedBy=bluetooth.target
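Review bot: the `# Privilege escalation` comment above `NoNewPrivileges=true` reads as if the directive enabled escalation; label it by effect, e.g. `# Privilege escalation prevention`, so it parallels the `# Filesystem lockdown` heading added above `ProtectHome=true`. One caveat worth recording in the commit message: with `NoNewPrivileges=true` the service can no longer acquire file capabilities or setuid bits on anything it executes, so any helper bluetoothd spawns must already work within the `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE` shown in this hunk.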
--
2.34.1
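An added check, not part of this patch or of BlueZ: the Python below parses a systemd unit's [Service] section and reports whether the lockdown directives this patch relies on (ProtectHome, ProtectSystem, PrivateTmp, NoNewPrivileges) are set to the expected values, and separately parses the text of /proc/<pid>/status for the kernel's NoNewPrivs flag, which is what NoNewPrivileges=true translates to on the running process. The two unit texts and the status snippet are constructed inputs that mirror the hunk above, not copied files; the function and variable names are the example's own.

```python
"""Audit a systemd unit for the hardening directives discussed in the patch.

Added example, not BlueZ code. It parses the [Service] section of a unit
file, reports which lockdown directives are present with the expected
value, and checks a /proc/<pid>/status text for the kernel-side NoNewPrivs
flag, the observable effect of NoNewPrivileges=true on a running process.
"""
import re

# Directives a hardened bluetoothd unit should carry, with the expected value.
EXPECTED = {
    "ProtectHome": "true",
    "ProtectSystem": "full",
    "PrivateTmp": "true",
    "NoNewPrivileges": "true",
}

# Constructed sample: the [Service] section before the patch (no PrivateTmp,
# no NoNewPrivileges). Not a copy of any real file.
BEFORE_UNIT = """\
[Unit]
Description=Bluetooth service (constructed sample, pre-patch)

[Service]
NotifyAccess=main
#Restart=on-failure
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
LimitNPROC=1
ProtectHome=true
ProtectSystem=full

[Install]
WantedBy=bluetooth.target
"""

# Constructed sample: the same unit with the two directives from the patch.
AFTER_UNIT = BEFORE_UNIT.replace(
    "ProtectSystem=full\n",
    "ProtectSystem=full\nPrivateTmp=true\n\n# Privilege escalation prevention\nNoNewPrivileges=true\n",
)


def parse_unit(text):
    """Return {section: {key: value}} for a systemd unit file.

    Comment lines (# or ;) and blank lines are skipped. A later duplicate
    key overrides an earlier one, as systemd does for single-valued settings.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        current[key.strip()] = value.strip()
    return sections


def audit_service(text, expected=EXPECTED):
    """Map each expected directive to True when it matches, otherwise to the
    value actually found (None when the directive is missing entirely)."""
    service = parse_unit(text).get("Service", {})
    return {key: (True if service.get(key) == want else service.get(key))
            for key, want in expected.items()}


def no_new_privs_enabled(status_text):
    """Return True if a /proc/<pid>/status text reports NoNewPrivs: 1."""
    m = re.search(r"^NoNewPrivs:\s*(\d)", status_text, re.M)
    return m is not None and m.group(1) == "1"


if __name__ == "__main__":
    for label, unit in (("before", BEFORE_UNIT), ("after", AFTER_UNIT)):
        print(label, audit_service(unit))
    # Constructed status snippet; on a live system read /proc/<pid>/status.
    print("NoNewPrivs set:", no_new_privs_enabled("Name:\tbluetoothd\nNoNewPrivs:\t1\n"))
```

On a live host the same functions can be pointed at /lib/systemd/system/bluetooth.service and at /proc/$(pidof bluetoothd)/status; the unit audit tells you what is configured, the status check tells you what the kernel actually enforces on the running process.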

2022-01-26 21:28:41

by bluez.test.bot

Subject: RE: [1/4] build: Always define confdir and statedir

This is an automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=608628

---Test result---

Test Summary:
CheckPatch PASS 5.68 seconds
GitLint PASS 3.84 seconds
Prep - Setup ELL PASS 41.84 seconds
Build - Prep PASS 0.71 seconds
Build - Configure PASS 8.38 seconds
Build - Make PASS 1292.67 seconds
Make Check PASS 11.33 seconds
Make Check w/Valgrind PASS 448.95 seconds
Make Distcheck PASS 231.67 seconds
Build w/ext ELL - Configure PASS 8.74 seconds
Build w/ext ELL - Make PASS 1305.94 seconds
Incremental Build with patches PASS 5303.63 seconds

---
Regards,
Linux Bluetooth

2022-02-01 20:49:29

by Luiz Augusto von Dentz

Subject: Re: [1/4] build: Always define confdir and statedir

Hi Bastien,

On Wed, Jan 26, 2022 at 1:28 PM <[email protected]> wrote:
>
> This is an automated email and please do not reply to this email!
>
> Dear submitter,
>
> Thank you for submitting the patches to the linux bluetooth mailing list.
> These are the CI test results for your patch series:
> PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=608628
>
> ---Test result---
>
> Test Summary:
> CheckPatch PASS 5.68 seconds
> GitLint PASS 3.84 seconds
> Prep - Setup ELL PASS 41.84 seconds
> Build - Prep PASS 0.71 seconds
> Build - Configure PASS 8.38 seconds
> Build - Make PASS 1292.67 seconds
> Make Check PASS 11.33 seconds
> Make Check w/Valgrind PASS 448.95 seconds
> Make Distcheck PASS 231.67 seconds
> Build w/ext ELL - Configure PASS 8.74 seconds
> Build w/ext ELL - Make PASS 1305.94 seconds
> Incremental Build with patches PASS 5303.63 seconds
>
> ---
> Regards,
> Linux Bluetooth

Applied, thanks.

--
Luiz Augusto von Dentz