The kdbuswreck

You may well be right (Kerberos, anybody?), but waiting another year or more for a comprehensive ticket subsystem to materialize ^w be developed and debugged seems rather unproductive.

kdbus doesn't add anything to the way systemd handles capabilities, except remove the race condition inherent in checking for them. Passing them through kdbus also doesn't add any and privacy concerns because quite frankly, the knowledge whether or not a particular process does or does not have a particular capability is not a security hole; call me somewhat dumb but offhand I can't think of a way to make it into one.

Rejecting kdbus just because it uses caps is thus somewhat disingenious.