summaryrefslogtreecommitdiff
path: root/units
diff options
context:
space:
mode:
Diffstat (limited to 'units')
-rw-r--r--units/systemd-bus-proxyd@.service.m4.in (renamed from units/systemd-bus-proxyd@.service.in)2
-rw-r--r--units/user@.service.m4.in (renamed from units/user@.service.in)4
2 files changed, 5 insertions, 1 deletions
diff --git a/units/systemd-bus-proxyd@.service.in b/units/systemd-bus-proxyd@.service.m4.in
index 23b5ffa072..3f3ab64dee 100644
--- a/units/systemd-bus-proxyd@.service.in
+++ b/units/systemd-bus-proxyd@.service.m4.in
@@ -14,7 +14,7 @@ Description=Legacy D-Bus Protocol Compatibility Daemon
# space available for this.
ExecStart=@rootlibexecdir@/systemd-bus-proxyd --drop-privileges --address=kernel:path=/sys/fs/kdbus/0-system/bus xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NotifyAccess=main
-CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP
+CapabilityBoundingSet=CAP_IPC_OWNER CAP_SETUID CAP_SETGID CAP_SETPCAP m4_ifdef(`HAVE_SMACK', CAP_MAC_ADMIN )
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
diff --git a/units/user@.service.in b/units/user@.service.m4.in
index 1e21d51aae..340c02b59b 100644
--- a/units/user@.service.in
+++ b/units/user@.service.m4.in
@@ -17,3 +17,7 @@ ExecStart=-@rootlibexecdir@/systemd --user
Slice=user-%i.slice
KillMode=mixed
Delegate=yes
+m4_ifdef(`HAVE_SMACK',
+Capabilities=cap_mac_admin=i
+SecureBits=keep-caps
+)
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-11 22:29:05 +0000