chiark / gitweb /
units: limit caps for bus proxyd and driverd services
authorLennart Poettering <lennart@poettering.net>
Mon, 23 Dec 2013 19:37:00 +0000 (20:37 +0100)
committerLennart Poettering <lennart@poettering.net>
Mon, 23 Dec 2013 19:37:00 +0000 (20:37 +0100)
units/systemd-bus-driverd.service.in
units/systemd-bus-proxyd@.service.in

index 575bddc..0bda403 100644 (file)
@@ -12,3 +12,4 @@ Description=Bus Driver Service
 ExecStart=@rootlibexecdir@/systemd-bus-driverd
 BusName=org.freedesktop.DBus
 WatchdogSec=1min
+CapabilityBoundingSet=CAP_IPC_OWNER
index 0711b48..1bdb459 100644 (file)
@@ -14,3 +14,4 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
 # space available for this.
 ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 NotifyAccess=main
+CapabilityBoundingSet=CAP_IPC_OWNER