D-Bus default limit of replies per connection has been lowered to 128 due to
CVE-2014-3638, see:
http://cgit.freedesktop.org/dbus/dbus/commit/?id=5bc7f9519ebc6117ba300c704794b36b87c2194bhttps://bugs.freedesktop.org/show_bug.cgi?id=81053
The limit seems to be too low and causes problems in libnm-glib, that will not
return all NetworkManager connection profiles if there are too many of them
(roughly more than the limit). As a consequence, libnm-glib based clients will
not work properly.
Lets increase the limit in our D-Bus org.freedesktop.NetworkManager.conf
configuration as we had it before.
See also older commit d5b31d55fa that did the
opposite thing (removing the limit because the default D-Bus limit was 8192 at
that time).
Of special note is the new D-Bus rule to allow root to talk to
org.freedesktop.NetworkManager.VPN.Plugin, without which NetworkManager
would not hear signals from the VPN plugins. Oddly, this worked
fine with dbus-glib...
https://bugzilla.gnome.org/show_bug.cgi?id=745307
at_console permissions as implemented by D-Bus have some problems:
1) it is now fully redundant with PolicyKit and session tracking via
systemd/ConsoleKit
2) it uses a different mechanism than PolicyKit or systemd to determine
sessions and whether the user is on local or not (pam_console)
3) it was never widely implemented across so removing it
harmonizes D-Bus permissions on all supported distros
To that end, remove the at_console section of the D-Bus permissions,
and rely on session-tracking and PolicyKit to ensure operations are
locked down.
No changes are being made to PolicyKit or session-tracking, so any
operations denied by those mechanisms are still denied, and no
permissions are being relaxed. Instead, this should allow remote
users who log in via remote desktop or SSH to inspect network state,
change connection parameters, and start/stop interfaces. Obviously
if you are remote, you should not touch the interface which your
connection is using, but that concern shouldn't prevent all the other
nice stuff that you can do with NM.
https://bugzilla.gnome.org/show_bug.cgi?id=707983https://bugzilla.redhat.com/show_bug.cgi?id=979416
