Control: tag -1 upstream
Control: forwarded -1 https://github.com/bluez/bluez/issues/414

On Tue, 23 Aug 2022 10:56:27 -0600 Kevin Locke wrote:

systemd[1234]: ConfigurationDirectory 'bluetooth' already exists but the mode 
is different. (File system: 755 ConfigurationDirectoryMode: 555)
[...]
[Service]
ConfigurationDirectory=bluetooth
ConfigurationDirectoryMode=0555

These lines were added to fix
<https://github.com/bluez/bluez/issues/329>
"systemd failed to set up mount namespacing for /var/lib/bluetooth"
and it seems the intention was to have the `/etc/bluetooth` directory
read-only. Actually the effect is the opposite. `ProtectSystem=strict`
causes `/` to be mounted read-only and `ConfigurationDirectory` causes
`/etc/` to be mounted as writable.

So the extra directives decrease the degree of protection against various potential vulnerabilities in bluetoothd. Otherwise the reported warning may be considered harmless.

As a workaround you may create the following configuration drop-in file
/etc/systemd/system/bluetooth.service.d/disable-configuration-directory.conf

---- 8< ----
[Service]
ConfigurationDirectory=
ConfigurationDirectoryMode=
---- >8 ----

To apply the updated configuration, run

    systemctl daemon-reload
    systemctl restart bluetooth.service

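The combination this message describes (`ProtectSystem=strict` together with a non-empty `ConfigurationDirectory=`) can be checked from `systemctl show` output, before and after the drop-in. This is an added example, not part of the original message or of BlueZ; `check_unit_props` is a hypothetical helper name and the sample property lines are constructed.

```shell
#!/bin/sh
# Added example: flag the directive combination discussed in this message.
# Reads "Key=Value" lines, as printed by `systemctl show -p ... UNIT`, on stdin.
# check_unit_props is a hypothetical helper, not a systemd or BlueZ tool.
check_unit_props() {
    protect="" confdir="" mode=""
    while IFS='=' read -r key value; do
        case "$key" in
            ProtectSystem) protect=$value ;;
            ConfigurationDirectory) confdir=$value ;;
            ConfigurationDirectoryMode) mode=$value ;;
        esac
    done
    if [ "$protect" = "strict" ] && [ -n "$confdir" ]; then
        # ConfigurationDirectory may list several names, space separated.
        for d in $confdir; do
            echo "FLAG: /etc/$d is managed by ConfigurationDirectory (mode ${mode:-unset}) under ProtectSystem=strict"
        done
        return 1
    fi
    echo "OK: no ConfigurationDirectory set (ProtectSystem=${protect:-unset})"
    return 0
}

# Constructed sample: properties of the unit as shipped, per the quoted lines.
sample_before() {
    printf '%s\n' 'ProtectSystem=strict' \
        'ConfigurationDirectory=bluetooth' 'ConfigurationDirectoryMode=0555'
}

# Constructed sample: properties after the drop-in resets both directives.
sample_after() {
    printf '%s\n' 'ProtectSystem=strict' \
        'ConfigurationDirectory=' 'ConfigurationDirectoryMode=0755'
}

sample_before | check_unit_props || true
sample_after | check_unit_props

# On a live system, feed the real properties instead of the samples:
#   systemctl show -p ProtectSystem -p ConfigurationDirectory \
#       -p ConfigurationDirectoryMode bluetooth.service | check_unit_props
```

A non-zero exit status means the unit still carries the directive; after `daemon-reload` with the drop-in in place the check should report `OK`.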