From 20ab29090d24b34d14712b18040f86f7e10f06f3 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Fri, 8 Apr 2016 15:08:30 +0300
Subject: [PATCH] systemd: Enable ProtectHome and ProtectSystem options

These options protect from unintended access to the filesystem see
SYSTEMD.EXEC(5) for mode detail.
---
 src/bluetooth.service.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index 83e4732d0..f799f65f0 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -12,6 +12,8 @@ NotifyAccess=main
 #Restart=on-failure
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
 LimitNPROC=1
+ProtectHome=true
+ProtectSystem=full
 
 [Install]
 WantedBy=bluetooth.target
-- 
2.11.0