6a010ac9e5
Either become uid/gid of the client we have been forked for, or become the "systemd-bus-proxy" user if the client was root. We retain CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
23 lines
817 B
SYSTEMD
23 lines
817 B
SYSTEMD
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Legacy D-Bus Protocol Compatibility Daemon
|
|
|
|
[Service]
|
|
# The first argument will be replaced by the service by information on
|
|
# the process requesting the proxy, we need a placeholder to keep the
|
|
# space available for this.
|
|
ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
NotifyAccess=main
|
|
CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
|
|
PrivateTmp=yes
|
|
PrivateDevices=yes
|
|
PrivateNetwork=yes
|
|
ReadOnlySystem=yes
|
|
ProtectedHome=yes
|