Drop capabilities in user dbus session

In the systemd user service file, drop all process capabilities. The
capabilities will be inherited from parent process (systemd --user). They
are meant to be inherited by launcher process, but are of no use for
dbus. Since they would give unneeded privileges to dbus, they should be
dropped.

Change-Id: I89a1a1b21d07380f68c9933aab272ebe2b08a889
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>

diff --git a/packaging/dbus-user.service b/packaging/dbus-user.service
index 8dc77f4a1ac9488d3760ed612dfc47f0db55d768..cbe84cf7535604e9109e0ce4ea56479a9d0ba592 100644 (file)
--- a/packaging/dbus-user.service
+++ b/packaging/dbus-user.service
@@ -10,3 +10,4 @@ Requires=dbus.socket
 [Service]
 ExecStart=/usr/bin/dbus-daemon --session --address=systemd: --nofork --systemd-activation
 ExecReload=/usr/bin/dbus-send --print-reply --session --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
+Capabilities=all-eip