[nanny] Don't allow to normal users access to admin dbus api
- From: Roberto Majadas <telemaco src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [nanny] Don't allow to normal users access to admin dbus api
- Date: Wed, 23 Dec 2009 00:41:20 +0000 (UTC)
commit f6896e37d2f113432e1cee174ebd6dd499b04e47
Author: Roberto Majadas <roberto majadas openshine com>
Date: Wed Dec 23 01:40:49 2009 +0100
Don't allow to normal users access to admin dbus api
daemon/data/dbus/nanny-daemon.conf | 35 ++++++++++++++++++++++++++++-------
1 files changed, 28 insertions(+), 7 deletions(-)
---
diff --git a/daemon/data/dbus/nanny-daemon.conf b/daemon/data/dbus/nanny-daemon.conf
index ebb015d..a86d9e0 100644
--- a/daemon/data/dbus/nanny-daemon.conf
+++ b/daemon/data/dbus/nanny-daemon.conf
@@ -3,22 +3,43 @@
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>
- <policy user="root">
+ <policy user="0">
<allow own="org.gnome.Nanny"/>
+ <allow send_destination="org.gnome.Nanny"/>
+
+ <allow send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny"/>
+ <allow send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny.Notification"/>
+ <allow send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny.WebDatabase"/>
+
+
+ <allow receive_interface="org.gnome.Nanny" receive_sender="org.gnome.Nanny"/>
+ <allow receive_interface="org.gnome.Nanny.Notification" receive_sender="org.gnome.Nanny"/>
+ <allow receive_interface="org.gnome.Nanny.WebDatabase" receive_sender="org.gnome.Nanny"/>
</policy>
<policy context="default">
+ <deny own="org.gnome.Nanny"/>
+ <deny send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny"/>
+ <allow send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny.Notification"/>
+ <deny send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny.WebDatabase"/>
+
+
+ <deny receive_interface="org.gnome.Nanny" receive_sender="org.gnome.Nanny"/>
+ <allow receive_interface="org.gnome.Nanny.Notification" receive_sender="org.gnome.Nanny"/>
+ <deny receive_interface="org.gnome.Nanny.WebDatabase" receive_sender="org.gnome.Nanny"/>
+ </policy>
+
+ <policy group="admin">
<allow send_destination="org.gnome.Nanny"/>
- <allow send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny.Admin"/>
+ <allow send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny"/>
<allow send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny.Notification"/>
+ <allow send_destination="org.gnome.Nanny" send_interface="org.gnome.Nanny.WebDatabase"/>
- <allow receive_interface="org.gnome.Nanny.Admin"
- receive_sender="org.gnome.Nanny"/>
- <allow receive_interface="org.gnome.Nanny.Notification"
- receive_sender="org.gnome.Nanny"/>
-
+ <allow receive_interface="org.gnome.Nanny" receive_sender="org.gnome.Nanny"/>
+ <allow receive_interface="org.gnome.Nanny.Notification" receive_sender="org.gnome.Nanny"/>
+ <allow receive_interface="org.gnome.Nanny.WebDatabase" receive_sender="org.gnome.Nanny"/>
</policy>
</busconfig>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
