system/NetworkManager
system/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager synced 2024-10-03 06:45:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

dbus: don't do <deny send_interface="..." /> in dbus service file

Browse source 
It does more than intended; apart from denying messages to that particular
interface it also denies all messages non-qualified with an interface globally.
From the dbus-daemon manual:

  Be careful with send_interface/receive_interface, because the
  interface field in messages is optional. In particular, do NOT
  specify <deny send_interface="org.foo.Bar"/>! This will cause
  no-interface messages to be blocked for all services, which is almost
  certainly not what you intended. Always use rules of the form: <deny
  send_interface="org.foo.Bar" send_destination="org.foo.Service"/>

We can just safely remove those rules, since we're sufficiently protected
by the send_destination matches and method calls are disallowed by default
anyway.
This commit is contained in:
Lubomir Rintel 2015-10-23 12:03:40 +02:00
parent 6ae618ef97
commit a426f7f396
1 changed files with 3 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/org.freedesktop.NetworkManager.conf
View file

@ -10,13 +10,9 @@
send_interface="org.freedesktop.NetworkManager.PPP"/>
<allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
<!-- Allow NM to talk to known VPN plugins; due to a bug in
the D-Bus daemon, when a plugin is installed and the user
immediately tries to use it, the VPN plugin's rules aren't
always loaded into dbus-daemon. Those rules allow NM to
talk to the plugin. Oops. Work around that by explicitly
allowing NM to talk to VPN plugins here.
<!-- These are there because some broken policies do
<allow send_interface="..." /> (see dbus-daemon(8) for details).
This seems to override that for the known VPN plugins.
-->
<allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
<allow send_destination="org.freedesktop.NetworkManager.openswan"/>
@ -121,8 +117,6 @@
<deny send_interface="org.freedesktop.NetworkManager" send_member="Sleep"/>
<deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="LoadConnections"/>
<deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="ReloadConnections"/>
<deny send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
<deny send_interface="org.freedesktop.NetworkManager.PPP"/>
</policy>
<limit name="max_replies_per_connection">1024</limit>