Fix Bluetooth permission error with AmbientCapabilities and enhanced postinst
- Add AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN to systemd service files - Add sensorpajen user to bluetooth group in postinst - Improve setcap error handling in postinst with clearer messaging - Add comprehensive troubleshooting section for Bluetooth permission errors This fixes the 'Operation not permitted' error when the service tries to access Bluetooth hardware. The fix uses two layers of protection: 1. systemd AmbientCapabilities (modern, robust) 2. File capabilities via setcap (traditional, wider compatibility)
This commit is contained in:
@@ -12,21 +12,9 @@ ExecStart=%h/sensorpajen/.venv/bin/python -m sensorpajen.main
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
# Bluetooth capabilities (alternative to setcap)
|
||||
# Note: This requires systemd to be run with proper permissions
|
||||
# If this doesn't work, use setcap on the Python binary instead
|
||||
#AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
|
||||
|
||||
# Logging
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
SyslogIdentifier=sensorpajen
|
||||
|
||||
# Security
|
||||
# Note: NoNewPrivileges=true can prevent file capabilities from working
|
||||
# We need capabilities for Bluetooth access, so we can't use it
|
||||
#NoNewPrivileges=true
|
||||
PrivateTmp=true
|
||||
# Bluetooth capabilities
|
||||
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
|
||||
NoNewPrivileges=false
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
|
||||
Reference in New Issue
Block a user