From f36257226f3a836f9f77a94f73f418394cafd33f Mon Sep 17 00:00:00 2001
From: Fredrik Wahlberg <fredrik@wahlberg.se>
Date: Sat, 27 Dec 2025 14:17:36 +0100
Subject: [PATCH] Fix systemd service: Disable NoNewPrivileges

NoNewPrivileges=true prevents file capabilities from working.
Since we need CAP_NET_RAW/CAP_NET_ADMIN for Bluetooth, we must
disable this security feature.
---
 systemd/sensorpajen.service | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/systemd/sensorpajen.service b/systemd/sensorpajen.service
index 9a6942a..8fae6db 100644
--- a/systemd/sensorpajen.service
+++ b/systemd/sensorpajen.service
@@ -23,7 +23,9 @@ StandardError=journal
 SyslogIdentifier=sensorpajen
 
 # Security
-NoNewPrivileges=true
+# Note: NoNewPrivileges=true can prevent file capabilities from working
+# We need capabilities for Bluetooth access, so we can't use it
+#NoNewPrivileges=true
 PrivateTmp=true
 
 [Install]