diff options
author | Luca Boccassi <bluca@debian.org> | 2023-03-20 01:48:06 +0000 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2023-08-03 09:13:30 +0000 |
commit | 760cb1e418f9749ac942d8435a3f7273a1679345 (patch) | |
tree | 50b96edeae2665785217c990068984f35bacdde7 /bus | |
parent | 053003014b34069146960a3d8f183dc571468d3b (diff) |
systemd: start as the D-Bus user/group, rather than root
When starting as root files in /proc/self/fdinfo/ will be owned as root
and set to 400, so we cannot read them. Nowadays it is not necessary to
start as root when running under systemd, so just add User/Group with
the configured user to the system unit.
If libaudit support is enabled, add AmbientCapabilities=CAP_AUDIT_WRITE
so that we can still write to the audit log.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Diffstat (limited to 'bus')
-rw-r--r-- | bus/dbus.service.in | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/bus/dbus.service.in b/bus/dbus.service.in index 3713810b..1921db8f 100644 --- a/bus/dbus.service.in +++ b/bus/dbus.service.in @@ -9,3 +9,6 @@ NotifyAccess=main ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only ExecReload=@EXPANDED_BINDIR@/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig OOMScoreAdjust=-900 +User=@DBUS_USER@ +Group=@DBUS_USER@ +@AMBIENT_CAPS@ |