[Unit]
Description=Location Lookup Service

[Service]
Type=dbus
BusName=org.freedesktop.GeoClue2
User=@dbus_srv_user@
ExecStart=@libexecdir@/geoclue

# Filesystem lockdown
ProtectSystem=strict
ProtectKernelTunables=true
ProtectControlGroups=true
ProtectHome=true
PrivateTmp=true

# Network
PrivateNetwork=false

# Execute Mappings
MemoryDenyWriteExecute=true

# Modules
ProtectKernelModules=true

# Real-time
RestrictRealtime=true

# Privilege escalation
NoNewPrivileges=true