The current system.conf default policy is too confusing and ill-specified. Here's a pass at a rewrite which attempts to spell out exactly what we want in more explicit terms. Please review carefully line by line.

  <policy context="default">
    <!-- All users can connect to system bus -->
    <allow user="*"/>

    <!-- Holes must be punched in service configuration files for name
         ownership and sending method calls -->
    <deny own="*"/>
    <deny send_type="method_call"/>

    <!-- Signals and reply messages (method returns, errors) are allowed
         by default -->
    <allow send_type="signal"/>
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>

    <!-- All messages may be received by default -->
    <allow receive_type="method_call"/>
    <allow receive_type="method_return"/>
    <allow receive_type="error"/>
    <allow receive_type="signal"/>

    <!-- Allow anyone to talk to the message bus -->
    <allow send_destination="org.freedesktop.DBus"/>

    <!-- But disallow some specific bus services -->
    <deny send_destination="org.freedesktop.DBus"
          send_interface="org.freedesktop.DBus"
          send_member="UpdateActivationEnvironment"/>
  </policy>
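The default policy above denies name ownership and method-call sending for everyone, so each service has to "punch holes" for itself in its own policy file. As an added illustration (not part of this bug report and not a file shipped by the dbus project), here is what such a service configuration looks like for a hypothetical service com.example.Hypothetical, run as the hypothetical system user exampled, with an admin interface restricted to the wheel group; the service name, user, interface and group are all assumptions:

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<!-- Hypothetical service policy, installed as
     /etc/dbus-1/system.d/com.example.Hypothetical.conf -->
<busconfig>

  <!-- Only the (assumed) service account may own the well-known name.
       This is the hole punched through <deny own="*"/> in system.conf. -->
  <policy user="exampled">
    <allow own="com.example.Hypothetical"/>
  </policy>

  <!-- Any connection may call methods on the service, except the admin
       interface. This is the hole punched through
       <deny send_type="method_call"/>; replies and signals already flow
       under the default policy and need no rule here. -->
  <policy context="default">
    <allow send_destination="com.example.Hypothetical"/>
    <deny send_destination="com.example.Hypothetical"
          send_interface="com.example.Hypothetical.Admin"/>
  </policy>

  <!-- Group policies are applied after the default context, so this
       allow overrides the deny above for members of wheel only. -->
  <policy group="wheel">
    <allow send_destination="com.example.Hypothetical"
           send_interface="com.example.Hypothetical.Admin"/>
  </policy>

</busconfig>
```

The bus applies policies in the order default context, then group, then user, then mandatory context, and within a policy the last matching rule wins, which is why the group-level allow for the admin interface takes precedence over the default-context deny. A service that ships no such file under the default policy ends up with nobody able to own its name and nobody able to call its methods, which is the fail-closed behaviour the rewrite is aiming for.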
I think doing it this way makes a lot of sense. It's very clear what's going on this way. My only concern would be that if new message types got added, this would need to be updated. But that's not really an issue, because it's unlikely that would happen since we're post-1.0 (and if it did, the patch would just need to remember to update the configuration). Seems reasonable to me.
Pushed to 1.3 and 1.2:

commit dc77c213742d2a373e3ed134168e4377e7c99a61
Author: Colin Walters <walters@verbum.org>
Date:   Fri Dec 12 14:50:21 2008 -0500

    Clean up and clarify default system policy

    The former was too reliant on old bugs and was generally unclear.
    This one makes explicit exactly what is allowed and not.