chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
cryptsetup-generator: Split main() into more functions and use hasmaps
[elogind.git] / units / systemd-bus-proxyd@.service.in
diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in
index 1a6458ac5795f0192bb7980ada7b837051c96eff..23b5ffa072a3b9d74badc1ebcfbc376455c3c315 100644 (file)
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -12,8 +12,11 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
 # The first argument will be replaced by the service by information on
 # the process requesting the proxy, we need a placeholder to keep the
 # space available for this.
-ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges --address=kernel:path=/sys/fs/kdbus/0-system/bus xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 NotifyAccess=main
-CapabilityBoundingSet=CAP_IPC_OWNER
+CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
 PrivateTmp=yes
 PrivateDevices=yes
+PrivateNetwork=yes
+ProtectSystem=full
+ProtectHome=yes
Unnamed repository; edit this file 'description' to name the repository.