Commit ca12b74c authored by erdnaxe's avatar erdnaxe 🦋
Browse files

Update bluetooth hardening options

parent fd53192e
......@@ -69,18 +69,11 @@
systemd.services.bluetooth.serviceConfig = {
# Hardening
MemoryDenyWriteExecute = true; # fedora
NoNewPrivileges = true; # fedora
PrivateTmp = true; # fedora
# RestrictAddressFamilies = [ "AF_UNIX" "AF_BLUETOOTH" "AF_NETLINK" ]; breaks rfkill
ProtectClock = true;
ProtectControlGroups = true; # fedora
ProtectKernelLogs = true;
ProtectKernelTunables = true; # fedora
ProtectKernelModules = true;
ProtectSystem = "full"; # arch, deb, fedora, opensuse
RestrictAddressFamilies = [ "AF_UNIX" "AF_BLUETOOTH" ];
RestrictNamespaces = true;
RestrictRealtime = true; # fedora
SystemCallArchitectures = "native";
};
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment