From: Luiz Augusto von Dentz <[email protected]>
This sets ConfigurationDirectoryMode to 0555 to really enforce the
ConfigurationDirectory to be read-only [1].
[1] https://github.com/bluez/bluez/issues/329#issuecomment-1102459104
---
src/bluetooth.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index 4ea98b506..beb98ce0c 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -22,6 +22,7 @@ ProtectControlGroups=true
StateDirectory=bluetooth
StateDirectoryMode=0700
ConfigurationDirectory=bluetooth
+ConfigurationDirectoryMode=0555
# Execute Mappings
MemoryDenyWriteExecute=true
--
2.35.1