From 4130bd321fa5baf2c6edc171126257f7e651a245 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Dec 09 2020 08:46:56 +0000
Subject: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch


patch_name: 0002-systemd-Add-PrivateTmp-and-NoNewPrivileges-options.patch
present_in_specfile: true
location_in_specfile: 4

---

diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index f9faaa4..7c2f60b 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -12,8 +12,14 @@ NotifyAccess=main
 #Restart=on-failure
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 LimitNPROC=1
+
+# Filesystem lockdown
 ProtectHome=true
 ProtectSystem=full
+PrivateTmp=true
+
+# Privilege escalation
+NoNewPrivileges=true
 
 [Install]
 WantedBy=bluetooth.target