From 895464f92f960725cf45f427dfeefcab9bce224e Mon Sep 17 00:00:00 2001
From: Luke Shumaker <lukeshu@lukeshu.com>
Date: Fri, 31 Aug 2018 01:56:41 -0400
Subject: Drop privileges

---
 qemu@.service.in | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'qemu@.service.in')

diff --git a/qemu@.service.in b/qemu@.service.in
index 000419e..cc4c925 100644
--- a/qemu@.service.in
+++ b/qemu@.service.in
@@ -7,10 +7,11 @@ Before=machines.target
 [Service]
 Type=notify
 NotifyAccess=all
+DynamicUser=yes
 RuntimeDirectory=qemu-%I
 PIDFile=@runstatedir@/qemu-%I/pid
-ExecStart=@BINPROG@ %I
-ExecStop=@SOCAT@ SYSTEM:'echo system_powerdown; sleep infinity' UNIX-CONNECT:@runstatedir@/qemu-%I/monitor.sock
+ExecStart=!@BINPROG@ %I
+ExecStop=!@SOCAT@ SYSTEM:'echo system_powerdown; sleep infinity' UNIX-CONNECT:@runstatedir@/qemu-%I/monitor.sock
 
 [Install]
 WantedBy=machines.target
-- 
cgit v1.2.3-2-g168b