1 files changed, 34 insertions, 7 deletions

diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index b8da66c985..af352531a4 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -25,19 +25,20 @@
 #include <seccomp.h>
 #endif
 
+#include "af-list.h"
 #include "bus-util.h"
-#include "missing.h"
-#include "ioprio.h"
-#include "strv.h"
-#include "fileio.h"
-#include "execute.h"
 #include "capability.h"
+#include "dbus-execute.h"
 #include "env-util.h"
-#include "af-list.h"
+#include "execute.h"
+#include "fd-util.h"
+#include "fileio.h"
+#include "ioprio.h"
+#include "missing.h"
 #include "namespace.h"
 #include "path-util.h"
+#include "strv.h"
 #include "utf8.h"
-#include "dbus-execute.h"
 
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
@@ -1334,6 +1335,32 @@ int bus_exec_context_set_transient_property(
 
                 return 1;
 
+        } else if (streq(name, "ProtectSystem")) {
+                const char *s;
+                ProtectSystem ps;
+
+                r = sd_bus_message_read(message, "s", &s);
+                if (r < 0)
+                        return r;
+
+                r = parse_boolean(s);
+                if (r > 0)
+                        ps = PROTECT_SYSTEM_YES;
+                else if (r == 0)
+                        ps = PROTECT_SYSTEM_NO;
+                else {
+                        ps = protect_system_from_string(s);
+                        if (ps < 0)
+                                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Failed to parse protect system value");
+                }
+
+                if (mode != UNIT_CHECK) {
+                        c->protect_system = ps;
+                        unit_write_drop_in_private_format(u, mode, name, "%s=%s\n", name, s);
+                }
+
+                return 1;
+
         } else if (rlimit_from_string(name) >= 0) {
                 uint64_t rl;
                 rlim_t x;