mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-03 06:45:26 +00:00
dbus: don't do <deny send_interface="..." /> in dbus service file
It does more than intended; apart from denying messages to that particular interface it also denies all messages non-qualified with an interface globally. From the dbus-daemon manual: Be careful with send_interface/receive_interface, because the interface field in messages is optional. In particular, do NOT specify <deny send_interface="org.foo.Bar"/>! This will cause no-interface messages to be blocked for all services, which is almost certainly not what you intended. Always use rules of the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/> We can just safely remove those rules, since we're sufficiently protected by the send_destination matches and method calls are disallowed by default anyway.
This commit is contained in:
parent
6ae618ef97
commit
a426f7f396
|
@ -10,13 +10,9 @@
|
|||
send_interface="org.freedesktop.NetworkManager.PPP"/>
|
||||
|
||||
<allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
|
||||
|
||||
<!-- Allow NM to talk to known VPN plugins; due to a bug in
|
||||
the D-Bus daemon, when a plugin is installed and the user
|
||||
immediately tries to use it, the VPN plugin's rules aren't
|
||||
always loaded into dbus-daemon. Those rules allow NM to
|
||||
talk to the plugin. Oops. Work around that by explicitly
|
||||
allowing NM to talk to VPN plugins here.
|
||||
<!-- These are there because some broken policies do
|
||||
<allow send_interface="..." /> (see dbus-daemon(8) for details).
|
||||
This seems to override that for the known VPN plugins.
|
||||
-->
|
||||
<allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
|
||||
<allow send_destination="org.freedesktop.NetworkManager.openswan"/>
|
||||
|
@ -121,8 +117,6 @@
|
|||
<deny send_interface="org.freedesktop.NetworkManager" send_member="Sleep"/>
|
||||
<deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="LoadConnections"/>
|
||||
<deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="ReloadConnections"/>
|
||||
<deny send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
|
||||
<deny send_interface="org.freedesktop.NetworkManager.PPP"/>
|
||||
</policy>
|
||||
|
||||
<limit name="max_replies_per_connection">1024</limit>
|
||||
|
|
Loading…
Reference in a new issue