systemd: start as the D-Bus user/group, rather than root

When starting as root files in /proc/self/fdinfo/ will be owned as root and set to 400, so we cannot read them. Nowadays it is not necessary to start as root when running under systemd, so just add User/Group with the configured user to the system unit. If libaudit support is enabled, add AmbientCapabilities=CAP_AUDIT_WRITE so that we can still write to the audit log. Signed-off-by: Luca Boccassi <bluca@debian.org>
author: Luca Boccassi <bluca@debian.org> 2023-03-20 01:48:06 +0000
committer: Luca Boccassi <luca.boccassi@gmail.com> 2023-08-03 09:13:30 +0000
commit: 760cb1e418f9749ac942d8435a3f7273a1679345 (patch)
tree: 50b96edeae2665785217c990068984f35bacdde7 /bus
parent: 053003014b34069146960a3d8f183dc571468d3b (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/bus/dbus.service.in b/bus/dbus.service.in
index 3713810b..1921db8f 100644
--- a/bus/dbus.service.in
+++ b/bus/dbus.service.in
@@ -9,3 +9,6 @@ NotifyAccess=main
 ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
 ExecReload=@EXPANDED_BINDIR@/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
 OOMScoreAdjust=-900
+User=@DBUS_USER@
+Group=@DBUS_USER@
+@AMBIENT_CAPS@
author	Luca Boccassi <bluca@debian.org>	2023-03-20 01:48:06 +0000
committer	Luca Boccassi <luca.boccassi@gmail.com>	2023-08-03 09:13:30 +0000
commit	760cb1e418f9749ac942d8435a3f7273a1679345 (patch)
tree	50b96edeae2665785217c990068984f35bacdde7 /bus
parent	053003014b34069146960a3d8f183dc571468d3b (diff)