units: limit caps for bus proxyd and driverd services

author: Lennart Poettering <lennart@poettering.net> 2013-12-23 20:37:00 +0100
committer: Lennart Poettering <lennart@poettering.net> 2013-12-23 20:37:00 +0100
commit: 5326b03f30b6b1d50437766afc09598a8be89f8f (patch)
tree: c9601640cddb6714f75fda95b562d6975bcefa05 /units
parent: f98a58fe894d34e4d9675757180f34a8523c936e (diff)
2 files changed, 2 insertions, 0 deletions
diff --git a/units/systemd-bus-driverd.service.in b/units/systemd-bus-driverd.service.in
index 575bddc699..0bda4037c3 100644
--- a/units/systemd-bus-driverd.service.in
+++ b/units/systemd-bus-driverd.service.in
@@ -12,3 +12,4 @@ Description=Bus Driver Service
 ExecStart=@rootlibexecdir@/systemd-bus-driverd
 BusName=org.freedesktop.DBus
 WatchdogSec=1min
+CapabilityBoundingSet=CAP_IPC_OWNER
diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.in
index 0711b48bbb..1bdb459f79 100644
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.in
@@ -14,3 +14,4 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
 # space available for this.
 ExecStart=@rootlibexecdir@/systemd-bus-proxyd xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 NotifyAccess=main
+CapabilityBoundingSet=CAP_IPC_OWNER
author	Lennart Poettering <lennart@poettering.net>	2013-12-23 20:37:00 +0100
committer	Lennart Poettering <lennart@poettering.net>	2013-12-23 20:37:00 +0100
commit	5326b03f30b6b1d50437766afc09598a8be89f8f (patch)
tree	c9601640cddb6714f75fda95b562d6975bcefa05 /units
parent	f98a58fe894d34e4d9675757180f34a8523c936e (diff)