From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 23 Dec 2013 19:37:00 +0000 (+0100)
Subject: units: limit caps for bus proxyd and driverd services
X-Git-Tag: v209~682
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=5326b03f30b6b1d50437766afc09598a8be89f8f

units: limit caps for bus proxyd and driverd services
---

diff --git a/units/systemd-bus-driverd.service.in b/units/systemd-bus-driverd.service.in
index 575bddc69..0bda4037c 100644
--- a/units/systemd-bus-driverd.service.in
+++ b/units/systemd-bus-driverd.service.in
@@ -12,3 +12,4 @@ Description=Bus Driver Service
 ExecStart=@rootlibexecdir@/systemd-bus-driverd
 BusName=org.freedesktop.DBus
 WatchdogSec=1min
+CapabilityBoundingSet=CAP_IPC_OWNER
diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in
index 0711b48bb..1bdb459f7 100644
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -14,3 +14,4 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
 # space available for this.
 ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 NotifyAccess=main
+CapabilityBoundingSet=CAP_IPC_OWNER