diff mbox series

[BlueZ,2/2] bluetooth.service: Set ConfigurationDirectoryMode

Message ID 20220419182237.2531907-2-luiz.dentz@gmail.com
State New
Headers show
Series [BlueZ,1/2] bluetooth.service: Set StateDirectoryMode | expand

Commit Message

Luiz Augusto von Dentz April 19, 2022, 6:22 p.m. UTC 
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This sets ConfigurationDirectoryMode to 0555 to really enforce the
ConfigurationDirectory to be read-only [1].

[1] https://github.com/bluez/bluez/issues/329#issuecomment-1102459104
---
 src/bluetooth.service.in | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index 4ea98b506..beb98ce0c 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -22,6 +22,7 @@  ProtectControlGroups=true
 StateDirectory=bluetooth
 StateDirectoryMode=0700
 ConfigurationDirectory=bluetooth
+ConfigurationDirectoryMode=0555
 
 # Execute Mappings
 MemoryDenyWriteExecute=true