units: limit caps for bus proxyd and driverd services

author Lennart Poettering <lennart@poettering.net>

Mon, 23 Dec 2013 19:37:00 +0000 (20:37 +0100)

committer Lennart Poettering <lennart@poettering.net>

Mon, 23 Dec 2013 19:37:00 +0000 (20:37 +0100)
author Lennart Poettering <lennart@poettering.net>
Mon, 23 Dec 2013 19:37:00 +0000 (20:37 +0100)
committer Lennart Poettering <lennart@poettering.net>
Mon, 23 Dec 2013 19:37:00 +0000 (20:37 +0100)
diff --git a/units/systemd-bus-driverd.service.in b/units/systemd-bus-driverd.service.in

index 575bddc6994e39fc22fffa3bb6957cd1b29f6c68..0bda4037c3800624cd3035417cd16749a09f949a 100644 (file)
--- a/units/systemd-bus-driverd.service.in
+++ b/units/systemd-bus-driverd.service.in
@@ -12,3 +12,4 @@ Description=Bus Driver Service
  ExecStart=@rootlibexecdir@/systemd-bus-driverd
  BusName=org.freedesktop.DBus
  WatchdogSec=1min
+CapabilityBoundingSet=CAP_IPC_OWNER
diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in

index 0711b48bbb781b0a2ddbba9243cecd5c4648f7ec..1bdb459f796b9b14c397fc7bc4ce80cac686774f 100644 (file)
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -14,3 +14,4 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
  # space available for this.
  ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  NotifyAccess=main
+CapabilityBoundingSet=CAP_IPC_OWNER
author	Lennart Poettering <lennart@poettering.net>
	Mon, 23 Dec 2013 19:37:00 +0000 (20:37 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 23 Dec 2013 19:37:00 +0000 (20:37 +0100)
units/systemd-bus-driverd.service.in		patch \| blob \| history
units/systemd-bus-proxyd@.service.in		patch \| blob \| history