systemd: Add PrivateTmp and NoNewPrivileges options PrivateTmp makes bluetoothd's /tmp and /var/tmp be inside a different namespace. This is useful to secure access to temporary files of the process. NoNewPrivileges ensures that service process and all its children can never gain new privileges through execve(), lowering the risk of possible privilege escalations.

Diffstat

1 files changed, 6 insertions(+), 0 deletions(-)