diff --git a/bus/dbus.service.in b/bus/dbus.service.in
index 3713810b..1921db8f 100644
--- a/bus/dbus.service.in
+++ b/bus/dbus.service.in
@@ -9,3 +9,6 @@ NotifyAccess=main
 ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
 ExecReload=@EXPANDED_BINDIR@/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
 OOMScoreAdjust=-900
+User=@DBUS_USER@
+Group=@DBUS_USER@
+@AMBIENT_CAPS@
diff --git a/configure.ac b/configure.ac
index 08c581e6..f6ce9e6c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -956,6 +956,9 @@ AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
 if test x$have_libaudit = xyes ; then
     SELINUX_LIBS="$SELINUX_LIBS -laudit -lcap-ng"
     AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support])
+    # For the systemd system unit
+    AMBIENT_CAPS="AmbientCapabilities=CAP_AUDIT_WRITE"
+    AC_SUBST(AMBIENT_CAPS)
 fi
 
 AC_SUBST([SELINUX_LIBS])
diff --git a/meson.build b/meson.build
index 433a333d..33120198 100644
--- a/meson.build
+++ b/meson.build
@@ -549,6 +549,8 @@ else
     if get_option('libaudit').enabled() and not have_libaudit
         error('libaudit support requested but not found')
     endif
+    # For the systemd system unit
+    data_config.set('AMBIENT_CAPS', 'AmbientCapabilities=CAP_AUDIT_WRITE')
 endif
 config.set('HAVE_LIBAUDIT', have_libaudit)