fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-05-22 18:28:10 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
dbus/bus/system.conf.in
Havoc Pennington 7c77664c5a 2004-05-29 Havoc Pennington <hp@redhat.com> 
* bus/config-parser.c (process_test_valid_subdir): temporarily
	stop testing config parser OOM handling, since expat has issues
	http://freedesktop.org/pipermail/dbus/2004-May/001153.html

	* bus/dbus-daemon-1.1.in: change requested_reply to
	send_requested_reply/receive_requested_reply so we can send the
	replies, not just receive them.

	* bus/config-parser.c: parse the new
	send_requested_reply/receive_requested_reply

	* bus/policy.c (bus_client_policy_check_can_send): add
	requested_reply argument and use it

	* bus/bus.c (bus_context_check_security_policy): pass through
	requested_reply status to message send check

	* bus/system.conf.in: adapt to requested_reply change
2004-05-29 04:17:17 +00:00

60 lines
2.1 KiB
Text
Raw Blame History

<!-- This configuration file controls the systemwide message bus.
Add a system-local.conf and edit that rather than changing this
file directly. -->
<!-- Note that there are any number of ways you can hose yourself
security-wise by screwing up this file; in particular, you
probably don't want to listen on any more addresses, add any more
auth mechanisms, run as a different user, etc. -->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- Our well-known bus type, do not change this -->
<type>system</type>
<!-- Run as special user -->
<user>messagebus</user>
<!-- Fork into daemon mode -->
<fork/>
<!-- Write a pid file -->
<pidfile>@DBUS_SYSTEM_PID_FILE@</pidfile>
<!-- Only allow socket-credentials-based authentication -->
<auth>EXTERNAL</auth>
<!-- Only listen on a local socket. (abstract=/path/to/socket
means use abstract namespace, don't really create filesystem
file; only Linux supports this. Use path=/whatever on other
systems.) -->
<listen>@DBUS_SYSTEM_BUS_DEFAULT_ADDRESS@</listen>
<policy context="default">
<!-- Deny everything then punch holes -->
<deny send_interface="*"/>
<deny receive_interface="*"/>
<deny own="*"/>
<!-- But allow all users to connect -->
<allow user="*"/>
<!-- Allow anyone to talk to the message bus -->
<!-- FIXME I think currently these allow rules are always implicit
even if they aren't in here -->
<allow send_destination="org.freedesktop.DBus"/>
<allow receive_sender="org.freedesktop.DBus"/>
<!-- valid replies are always allowed -->
<allow send_requested_reply="true"/>
<allow receive_requested_reply="true"/>
</policy>
<!-- Config files are placed here that among other things, punch
holes in the above policy for specific services. -->
<includedir>system.d</includedir>
<!-- This is included last so local configuration can override what's
in this standard file -->
<include ignore_missing="yes">system-local.conf</include>
</busconfig>
Reference in a new issue View git blame Copy permalink