A default installation of bluez results in the systemd user unit mpris-proxy.service being started for all users---including root. This unnecessarily exposes system users to any security vulnerabilities in mpris-proxy. Inhibit this default behavior by using ConditionUser=!@system. Signed-off-by: Antonio Enrico Russo <aerusso@xxxxxxxxxxx> --- tools/mpris-proxy.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in index c49d255..6ae56c6 100644 --- a/tools/mpris-proxy.service.in +++ b/tools/mpris-proxy.service.in @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1) Wants=dbus.socket After=dbus.socket dbus.service +ConditionUser=!@system [Service] Type=simple -- 2.49.0
