This will enable dropping privileges for the daemon. Signed-off-by: Alyssa Ross <hi@alyssa.is> --- img/app/image/etc/s6-rc/dbus/notification-fd | 2 +- .../image/etc/s6-rc/dbus/notification-fd.license | 2 +- img/app/image/etc/s6-rc/dbus/run | 13 +++++++++++-- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/img/app/image/etc/s6-rc/dbus/notification-fd b/img/app/image/etc/s6-rc/dbus/notification-fd index 00750ed..b8626c4 100644 --- a/img/app/image/etc/s6-rc/dbus/notification-fd +++ b/img/app/image/etc/s6-rc/dbus/notification-fd @@ -1 +1 @@ -3 +4 diff --git a/img/app/image/etc/s6-rc/dbus/notification-fd.license b/img/app/image/etc/s6-rc/dbus/notification-fd.license index a941ca4..0d3d47c 100644 --- a/img/app/image/etc/s6-rc/dbus/notification-fd.license +++ b/img/app/image/etc/s6-rc/dbus/notification-fd.license @@ -1,2 +1,2 @@ SPDX-License-Identifier: CC0-1.0 -SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is> +SPDX-FileCopyrightText: 2025 Alyssa Ross <hi@alyssa.is> diff --git a/img/app/image/etc/s6-rc/dbus/run b/img/app/image/etc/s6-rc/dbus/run index 75e9cab..a609e86 100644 --- a/img/app/image/etc/s6-rc/dbus/run +++ b/img/app/image/etc/s6-rc/dbus/run @@ -1,8 +1,17 @@ #!/bin/execlineb -P # SPDX-License-Identifier: EUPL-1.2+ -# SPDX-FileCopyrightText: 2023 Alyssa Ross <hi@alyssa.is> +# SPDX-FileCopyrightText: 2023, 2025 Alyssa Ross <hi@alyssa.is> + +s6-ipcserver-socketbinder -Ba 0770 /run/session-bus + +export LISTEN_FDS 1 +getpid LISTEN_PID + +fdmove -c 3 0 +redirfd -r 0 /dev/null dbus-daemon + --address systemd: --config-file /etc/dbus-1/session.conf --nofork - --print-address 3 + --print-address 4 -- 2.51.0