<aegis>
  <request context="INSTALL">
    <credential name="CAP::chown" />
  </request>

  <!-- dbus-daemon-launch-helper is designed to be setuid root, and reject
       attempts by anyone other than messagebus to run it. policy=setxid
       causes Aegis to leave its real uid as messagebus (so it can check
       that messagebus ran it), while using root as the effective uid. -->
  <request policy="setxid">
    <credential name="UID::root" />
    <credential name="GID::root" />
    <credential name="CAP::setgid" />
    <credential name="CAP::setuid" />
    <for path="/usr/lib/dbus-1.0/dbus-daemon-launch-helper" />
  </request>
</aegis>

