DBus permissions
- From: Tambet Ingo <tambet gmail com>
- To: network manager <networkmanager-list gnome org>
- Subject: DBus permissions
- Date: Tue, 27 Jan 2009 12:44:15 +0200
Attached patches fix DBus permissions for all NetworkManager pieces
(NM, nm-applet, vpn plugins). For more information, see
http://lists.freedesktop.org/archives/dbus/2009-January/010807.html
Tambet
diff --git a/callouts/nm-avahi-autoipd.conf b/callouts/nm-avahi-autoipd.conf
index 97d9ff5..52e8ea0 100644
--- a/callouts/nm-avahi-autoipd.conf
+++ b/callouts/nm-avahi-autoipd.conf
@@ -2,13 +2,9 @@
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>
- <policy user="root">
- <allow own="org.freedesktop.nm_avahi_autoipd"/>
- <allow send_interface="org.freedesktop.nm_avahi_autoipd"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.nm_avahi_autoipd"/>
- <deny send_interface="org.freedesktop.nm_avahi_autoipd"/>
- </policy>
+ <policy user="root">
+ <allow own="org.freedesktop.nm_avahi_autoipd"/>
+ <allow send_destination="org.freedesktop.nm_avahi_autoipd"/>
+ </policy>
</busconfig>
diff --git a/callouts/nm-dhcp-client.conf b/callouts/nm-dhcp-client.conf
index 515a110..cc7723a 100644
--- a/callouts/nm-dhcp-client.conf
+++ b/callouts/nm-dhcp-client.conf
@@ -2,13 +2,9 @@
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>
- <policy user="root">
- <allow own="org.freedesktop.nm_dhcp_client"/>
- <allow send_interface="org.freedesktop.nm_dhcp_client"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.nm_dhcp_client"/>
- <deny send_interface="org.freedesktop.nm_dhcp_client"/>
- </policy>
+ <policy user="root">
+ <allow own="org.freedesktop.nm_dhcp_client"/>
+ <allow send_destination="org.freedesktop.nm_dhcp_client"/>
+ </policy>
</busconfig>
diff --git a/callouts/nm-dispatcher.conf b/callouts/nm-dispatcher.conf
index 32833a7..8dbc0b5 100644
--- a/callouts/nm-dispatcher.conf
+++ b/callouts/nm-dispatcher.conf
@@ -4,11 +4,7 @@
<busconfig>
<policy user="root">
<allow own="org.freedesktop.nm_dispatcher"/>
- <allow send_interface="org.freedesktop.nm_dispatcher"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.nm_dispatcher"/>
- <deny send_interface="org.freedesktop.nm_dispatcher"/>
+ <allow send_destination="org.freedesktop.nm_dispatcher"/>
</policy>
</busconfig>
diff --git a/src/NetworkManager.conf b/src/NetworkManager.conf
index 01dfee2..5378e5d 100644
--- a/src/NetworkManager.conf
+++ b/src/NetworkManager.conf
@@ -2,29 +2,16 @@
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>
- <policy user="root">
- <allow own="org.freedesktop.NetworkManager"/>
- <allow send_destination="org.freedesktop.NetworkManager"/>
- <allow send_interface="org.freedesktop.NetworkManager"/>
-
+ <policy at_console="true">
+ <allow send_destination="org.freedesktop.NetworkManager"/>
+ </policy>
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManager"/>
<allow own="org.freedesktop.NetworkManager.PPP"/>
- <allow send_destination="org.freedesktop.NetworkManager.PPP"/>
- <allow send_interface="org.freedesktop.NetworkManager.PPP"/>
- </policy>
- <policy at_console="true">
- <allow send_destination="org.freedesktop.NetworkManager"/>
- <allow send_interface="org.freedesktop.NetworkManager"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManager"/>
- <deny send_destination="org.freedesktop.NetworkManager"/>
- <deny send_interface="org.freedesktop.NetworkManager"/>
-
- <deny own="org.freedesktop.NetworkManager.PPP"/>
- <deny send_destination="org.freedesktop.NetworkManager.PPP"/>
- <deny send_interface="org.freedesktop.NetworkManager.PPP"/>
- </policy>
+ <allow send_destination="org.freedesktop.NetworkManager.PPP"/>
+ send_interface="org.freedesktop.NetworkManager.PPP"/>
+ </policy>
- <limit name="max_replies_per_connection">512</limit>
+ <limit name="max_replies_per_connection">512</limit>
</busconfig>
diff --git a/system-settings/src/nm-system-settings.conf b/system-settings/src/nm-system-settings.conf
index 10184ba..6e95f3a 100644
--- a/system-settings/src/nm-system-settings.conf
+++ b/system-settings/src/nm-system-settings.conf
@@ -2,23 +2,17 @@
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>
- <policy user="root">
- <allow own="org.freedesktop.NetworkManagerSystemSettings"/>
-
- <allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>
- <allow send_interface="org.freedesktop.NetworkManagerSettings"/>
- <allow send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
- </policy>
<policy context="default">
- <deny own="org.freedesktop.NetworkManagerSystemSettings"/>
-
<allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>
- <allow send_interface="org.freedesktop.NetworkManagerSettings"/>
-
- <!-- Only root can get secrets -->
- <deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
+ <deny send_destination="org.freedesktop.NetworkManagerSystemSettings"
+ send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
+ </policy>
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManagerSystemSettings"/>
+ <allow send_destination="org.freedesktop.NetworkManagerSystemSettings"
+ send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
</policy>
- <limit name="max_replies_per_connection">512</limit>
+ <limit name="max_replies_per_connection">512</limit>
</busconfig>
diff --git a/nm-applet.conf b/nm-applet.conf
index af7c642..2081ab0 100644
--- a/nm-applet.conf
+++ b/nm-applet.conf
@@ -2,31 +2,18 @@
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>
- <policy user="root">
- <allow own="org.freedesktop.NetworkManagerUserSettings"/>
-
+ <policy context="default">
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
- <allow send_interface="org.freedesktop.NetworkManagerSettings"/>
-
- <!-- Only root can get secrets -->
- <allow send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
+ <deny send_destination="org.freedesktop.NetworkManagerUserSettings"
+ send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
</policy>
<policy at_console="true">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
-
- <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
- <allow send_interface="org.freedesktop.NetworkManagerSettings"/>
-
- <!-- Only root can get secrets -->
- <deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
</policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManagerUserSettings"/>
-
- <allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
- <allow send_interface="org.freedesktop.NetworkManagerSettings"/>
- <!-- Only root can get secrets -->
- <deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
+ <policy user="root">
+ <allow own="org.freedesktop.NetworkManagerUserSettings"/>
+ <allow send_destination="org.freedesktop.NetworkManagerUserSettings"
+ send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
</policy>
<limit name="max_replies_per_connection">512</limit>
diff --git a/nm-vpnc-service.conf b/nm-vpnc-service.conf
index cd02870..4cee63e 100644
--- a/nm-vpnc-service.conf
+++ b/nm-vpnc-service.conf
@@ -5,12 +5,6 @@
<policy user="root">
<allow own="org.freedesktop.NetworkManager.vpnc"/>
<allow send_destination="org.freedesktop.NetworkManager.vpnc"/>
- <allow send_interface="org.freedesktop.NetworkManager.vpnc"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManager.vpnc"/>
- <deny send_destination="org.freedesktop.NetworkManager.vpnc"/>
- <deny send_interface="org.freedesktop.NetworkManager.vpnc"/>
</policy>
</busconfig>
diff --git a/nm-openvpn-service.conf b/nm-openvpn-service.conf
index 62eaa8c..c6b5eb2 100644
--- a/nm-openvpn-service.conf
+++ b/nm-openvpn-service.conf
@@ -5,12 +5,6 @@
<policy user="root">
<allow own="org.freedesktop.NetworkManager.openvpn"/>
<allow send_destination="org.freedesktop.NetworkManager.openvpn"/>
- <allow send_interface="org.freedesktop.NetworkManager.openvpn"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManager.openvpn"/>
- <deny send_destination="org.freedesktop.NetworkManager.openvpn"/>
- <deny send_interface="org.freedesktop.NetworkManager.openvpn"/>
</policy>
</busconfig>
diff --git a/nm-pptp-service.conf b/nm-pptp-service.conf
index aa5400d..b1b80d2 100644
--- a/nm-pptp-service.conf
+++ b/nm-pptp-service.conf
@@ -4,21 +4,9 @@
<busconfig>
<policy user="root">
<allow own="org.freedesktop.NetworkManager.pptp"/>
- <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
- <allow send_interface="org.freedesktop.NetworkManager.pptp"/>
-
<allow own="org.freedesktop.NetworkManager.pptp-ppp"/>
+ <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
<allow send_destination="org.freedesktop.NetworkManager.pptp-ppp"/>
- <allow send_interface="org.freedesktop.NetworkManager.pptp-ppp"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManager.pptp"/>
- <deny send_destination="org.freedesktop.NetworkManager.pptp"/>
- <deny send_interface="org.freedesktop.NetworkManager.pptp"/>
-
- <deny own="org.freedesktop.NetworkManager.pptp-ppp"/>
- <deny send_destination="org.freedesktop.NetworkManager.pptp-ppp"/>
- <deny send_interface="org.freedesktop.NetworkManager.pptp-ppp"/>
</policy>
</busconfig>
diff --git a/nm-openconnect-service.conf b/nm-openconnect-service.conf
index 2cc1c27..3d4841f 100644
--- a/nm-openconnect-service.conf
+++ b/nm-openconnect-service.conf
@@ -5,17 +5,10 @@
<policy user="root">
<allow own="org.freedesktop.NetworkManager.openconnect"/>
<allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
- <allow send_interface="org.freedesktop.NetworkManager.openconnect"/>
</policy>
<policy user="nm-openconnect">
<allow own="org.freedesktop.NetworkManager.openconnect"/>
<allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
- <allow send_interface="org.freedesktop.NetworkManager.openconnect"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManager.openconnect"/>
- <deny send_destination="org.freedesktop.NetworkManager.openconnect"/>
- <deny send_interface="org.freedesktop.NetworkManager.openconnect"/>
</policy>
</busconfig>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
