From 4ae5c38be8e8b2fe073e2dbf8fce30348dad7483 Mon Sep 17 00:00:00 2001
From: Matthias Schoepfer <matthias.schoepfer@googlemail.com>
Date: Wed, 31 Jul 2019 14:59:16 +0200
Subject: [PATCH] iwd.service.in: remove PrivateDevices=true

Previously, the option PrivateDevices=true disabled access to
/dev/rfkill, which lead to:
  'iwctl adapter phy0 set-property Powered {off|on}'
to fail.

This patch explicitly allows access to /dev/rfkill
---
 src/iwd.service.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/iwd.service.in b/src/iwd.service.in
index a765d387..9bf48245 100644
--- a/src/iwd.service.in
+++ b/src/iwd.service.in
@@ -11,7 +11,8 @@ LimitNPROC=1
 Restart=on-failure
 PrivateTmp=true
 NoNewPrivileges=true
-PrivateDevices=true
+DevicePolicy=closed
+DeviceAllow=/dev/rfkill rw
 ProtectHome=yes
 ProtectSystem=strict
 ReadWritePaths=/var/lib/iwd/