When starting as root, files in /proc/self/fdinfo/ will be owned as root
and set to 400, so we cannot read them. Nowadays it is not necessary to
start as root when running under systemd, so just add User/Group with
the configured user to the system unit.

If libaudit support is enabled, add AmbientCapabilities=CAP_AUDIT_WRITE
so that we can still write to the audit log.

Signed-off-by: Luca Boccassi <bluca@debian.org>
ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
ExecReload=@EXPANDED_BINDIR@/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
OOMScoreAdjust=-900
+User=@DBUS_USER@
+Group=@DBUS_USER@
+@AMBIENT_CAPS@
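Review bot: `Group=@DBUS_USER@` reuses the user name as the group name, so the unit only starts if a group with exactly that name exists. Nothing in this hunk establishes that. Either substitute a separate group value or drop the `Group=` line so systemd falls back to the user's default group. Also note that `@AMBIENT_CAPS@` is the only capability the unit grants after the switch away from root, and it is present only in libaudit builds; the commit message should say that no other root-only behaviour is expected from the daemon once `User=` is set.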
if test x$have_libaudit = xyes ; then
SELINUX_LIBS="$SELINUX_LIBS -laudit -lcap-ng"
AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support])
+ # For the systemd system unit
+ AMBIENT_CAPS="AmbientCapabilities=CAP_AUDIT_WRITE"
+ AC_SUBST(AMBIENT_CAPS)
fi
AC_SUBST([SELINUX_LIBS])
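Review bot: `AMBIENT_CAPS` is assigned only inside the `have_libaudit = xyes` branch and is never initialised, so in a build without libaudit the value substituted into the unit is whatever `AMBIENT_CAPS` happens to hold in the configure environment. Set `AMBIENT_CAPS=` before the `if` and move `AC_SUBST(AMBIENT_CAPS)` next to `AC_SUBST([SELINUX_LIBS])` after the `fi`, which also makes it clear that the substitution applies in both cases. The rest of the file quotes macro arguments (`AC_SUBST([SELINUX_LIBS])`), so `AC_SUBST([AMBIENT_CAPS])` would match the surrounding style.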
if get_option('libaudit').enabled() and not have_libaudit
error('libaudit support requested but not found')
endif
+ # For the systemd system unit
+ data_config.set('AMBIENT_CAPS', 'AmbientCapabilities=CAP_AUDIT_WRITE')
endif
config.set('HAVE_LIBAUDIT', have_libaudit)
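Review bot: the added `data_config.set('AMBIENT_CAPS', ...)` is not guarded by `have_libaudit`. The check above it only errors out when the option is explicitly enabled, so a path where libaudit was not found and the option was not forced reaches this line with `have_libaudit` false, and the unit is granted CAP_AUDIT_WRITE while `HAVE_LIBAUDIT` is configured false on the next line. Wrap the call in `if have_libaudit`, and set `AMBIENT_CAPS` to an empty string otherwise (including on whatever path skips the enclosing block closed by the following `endif`), so that `@AMBIENT_CAPS@` in the unit template always has a defined value.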