X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=units%2Fsystemd-bus-proxyd%40.service.in;h=fdcd3029fd70f53d01ca587b727721e766e7fa36;hp=93d6563201f55d40384601e82bdd3d5ce3a51ee1;hb=63cc4c3138fd0ce9cc97884373a2dd8959a13ee9;hpb=7c9a6f906308a6474f1ebb98058c4a33a02c33f1

diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in
index 93d656320..fdcd3029f 100644
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -5,8 +5,18 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-[Description]
+[Unit]
 Description=Legacy D-Bus Protocol Compatibility Daemon
 
 [Service]
-ExecStart=@rootlibexecdir@/systemd-bus-proxyd
+# The first argument will be replaced by the service by information on
+# the process requesting the proxy, we need a placeholder to keep the
+# space available for this.
+ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges --address=kernel:path=/sys/fs/kdbus/0-system/bus --configuration=/etc/dbus-1/system.conf --configuration=/etc/dbus-1/system-local.conf --configuration=/etc/dbus-1/system.d/ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+NotifyAccess=main
+CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
+PrivateTmp=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectSystem=full
+ProtectHome=yes