mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-15 12:34:55 +00:00
dbus: final dbus policy fixes (bgo #563730)
Keep explicit denials, consolidate stuff, ensure that when denying send_interface it's almost always matched with send_destination.
This commit is contained in:
parent
f90d079858
commit
3888405134
|
@ -4,11 +4,10 @@
|
|||
<busconfig>
|
||||
<policy user="root">
|
||||
<allow own="org.freedesktop.nm_avahi_autoipd"/>
|
||||
<allow send_interface="org.freedesktop.nm_avahi_autoipd"/>
|
||||
</policy>
|
||||
<policy context="default">
|
||||
<deny own="org.freedesktop.nm_avahi_autoipd"/>
|
||||
<deny send_interface="org.freedesktop.nm_avahi_autoipd"/>
|
||||
<deny send_destination="org.freedesktop.nm_avahi_autoipd"/>
|
||||
</policy>
|
||||
</busconfig>
|
||||
|
||||
|
|
|
@ -4,11 +4,10 @@
|
|||
<busconfig>
|
||||
<policy user="root">
|
||||
<allow own="org.freedesktop.nm_dhcp_client"/>
|
||||
<allow send_interface="org.freedesktop.nm_dhcp_client"/>
|
||||
</policy>
|
||||
<policy context="default">
|
||||
<deny own="org.freedesktop.nm_dhcp_client"/>
|
||||
<deny send_interface="org.freedesktop.nm_dhcp_client"/>
|
||||
<deny send_destination="org.freedesktop.nm_dhcp_client"/>
|
||||
</policy>
|
||||
</busconfig>
|
||||
|
||||
|
|
|
@ -4,11 +4,11 @@
|
|||
<busconfig>
|
||||
<policy user="root">
|
||||
<allow own="org.freedesktop.nm_dispatcher"/>
|
||||
<allow send_interface="org.freedesktop.nm_dispatcher"/>
|
||||
<allow send_destination="org.freedesktop.nm_dispatcher"/>
|
||||
</policy>
|
||||
<policy context="default">
|
||||
<deny own="org.freedesktop.nm_dispatcher"/>
|
||||
<deny send_interface="org.freedesktop.nm_dispatcher"/>
|
||||
<deny send_destination="org.freedesktop.nm_dispatcher"/>
|
||||
</policy>
|
||||
</busconfig>
|
||||
|
||||
|
|
|
@ -5,19 +5,19 @@
|
|||
<policy user="root">
|
||||
<allow own="org.freedesktop.NetworkManager"/>
|
||||
<allow send_destination="org.freedesktop.NetworkManager"/>
|
||||
<allow send_interface="org.freedesktop.NetworkManager"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.PPP"/>
|
||||
</policy>
|
||||
<policy at_console="true">
|
||||
<allow send_destination="org.freedesktop.NetworkManager"/>
|
||||
<allow send_interface="org.freedesktop.NetworkManager"/>
|
||||
|
||||
<deny send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.PPP"/>
|
||||
</policy>
|
||||
<policy context="default">
|
||||
<deny own="org.freedesktop.NetworkManager"/>
|
||||
<deny send_destination="org.freedesktop.NetworkManager"/>
|
||||
<deny send_interface="org.freedesktop.NetworkManager"/>
|
||||
|
||||
<deny send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.PPP"/>
|
||||
|
|
|
@ -6,17 +6,15 @@
|
|||
<allow own="org.freedesktop.NetworkManagerSystemSettings"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>
|
||||
<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
|
||||
<allow send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
|
||||
</policy>
|
||||
<policy context="default">
|
||||
<deny own="org.freedesktop.NetworkManagerSystemSettings"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManagerSystemSettings"/>
|
||||
<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
|
||||
|
||||
<!-- Only root can get secrets -->
|
||||
<deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
|
||||
<deny send_destination="org.freedesktop.NetworkManagerSystemSettings"
|
||||
send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
|
||||
</policy>
|
||||
|
||||
<limit name="max_replies_per_connection">512</limit>
|
||||
|
|
Loading…
Reference in a new issue