dbus: fix issues with root being at_console

When root is at_console, the at_console stuff overrides the user=root section. Since the default section will deny-by-default, explicitly allow certain D-Bus interfaces to be usable by at_console users (including root when root is at_console) prevents root from being denied access to those interfaces when root is at_console.
2026-06-19 08:58:28 +02:00 · 2009-05-10 00:20:12 -04:00 · 2009-05-10 00:20:12 -04:00 · fd4bdc5c54
commit fd4bdc5c54
parent 97fe200122
1 changed files with 41 additions and 5 deletions
--- a/src/NetworkManager.conf
+++ b/src/NetworkManager.conf
@ -12,15 +12,51 @@
        <policy at_console="true">
                <allow send_destination="org.freedesktop.NetworkManager"/>

-                <deny send_destination="org.freedesktop.NetworkManager"
-                      send_interface="org.freedesktop.NetworkManager.PPP"/>
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.DBus.Introspectable"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.DBus.Properties"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.Device.Cdma"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.Device.Wired"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.Device.Gsm"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.Device.Serial"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.Device"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.IP4Config"/>
+
+		<allow send_destination="org.freedesktop.NetworkManager"
+		       send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
        </policy>
        <policy context="default">
                <deny own="org.freedesktop.NetworkManager"/>
                <deny send_destination="org.freedesktop.NetworkManager"/>
-
-                <deny send_destination="org.freedesktop.NetworkManager"
-                      send_interface="org.freedesktop.NetworkManager.PPP"/>
        </policy>

        <limit name="max_replies_per_connection">512</limit>