fredrik/sensorpajen
1
0
Fork 0
Code Issues Pull Requests Projects Releases 2 Wiki Activity

Fix systemd service: Disable NoNewPrivileges

Browse Source 
NoNewPrivileges=true prevents file capabilities from working.
Since we need CAP_NET_RAW/CAP_NET_ADMIN for Bluetooth, we must
disable this security feature.
This commit is contained in:
fredrik
2025-12-27 14:17:36 +01:00
parent b740372d88
commit f36257226f
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
systemd/sensorpajen.service
View File

@@ -23,7 +23,9 @@ StandardError=journal
SyslogIdentifier=sensorpajen SyslogIdentifier=sensorpajen
# Security # Security
NoNewPrivileges=true # Note: NoNewPrivileges=true can prevent file capabilities from working
# We need capabilities for Bluetooth access, so we can't use it
#NoNewPrivileges=true
PrivateTmp=true PrivateTmp=true
[Install] [Install]