From bfc2ff8fdef7405625ab2779974a803b1744741c Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Wed, 22 Feb 2017 13:22:37 +0000 Subject: [PATCH] doc: Clarify /etc/dbus-1/system.d and /usr/share/dbus-1/system.d The documentation generally only mentioned the directory in /etc, even though we actually prefer security policies to be installed in /usr/share to allow for stateless and volatile systems (i.e. booting up with an empty /etc). Signed-off-by: Philip Withnall https://bugs.freedesktop.org/show_bug.cgi?id=99901 --- doc/dbus-api-design.duck | 6 +++++- doc/system-activation.txt | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/dbus-api-design.duck b/doc/dbus-api-design.duck index be3ea9f..9418618 100644 --- a/doc/dbus-api-design.duck +++ b/doc/dbus-api-design.duck @@ -826,6 +826,8 @@ however there are some steps which you can take when designing an API to ease security policy implementation. D-Bus security policies are written as XML files in +$file($var($$(datadir$)/dbus-1/system.d)), +$file($var($$(datadir$)/dbus-1/session.d)), $file($var($$(sysconfdir$)/dbus-1/system.d)) and $file($var($$(sysconfdir$)/dbus-1/session.d)) and use an allow/deny model, where each message (method call, signal emission, etc.) can be allowed or denied @@ -836,7 +838,9 @@ $code(send_destination) or $code(receive_sender) attribute set. When designing an API, bear in mind the need to write and install such a security policy, and consider splitting up methods or providing more restricted versions which accept constrained parameters, so that they can be exposed with -less restrictive security policies if needed by less trusted clients. +less restrictive security policies if needed by less trusted clients. Security +policies should be installed to $file($var($$(datadir$))) rather than +$(file($var($$(sysconfdir$))); the latter is intended for system administators. Secondly, the default D-Bus security policy for the system bus is restrictive enough to allow sensitive data, such as passwords, to be safely sent over the diff --git a/doc/system-activation.txt b/doc/system-activation.txt index dd195f7..dde648e 100644 --- a/doc/system-activation.txt +++ b/doc/system-activation.txt @@ -46,7 +46,8 @@ Exec=/usr/sbin/dbus-test-server.py User=ftp This gives the user to switch to, and also the path of the executable. -The service name must match that specified in the /etc/dbus-1/system.d conf file. +The service name must match that specified in the /etc/dbus-1/system.d or +/usr/share/dbus-1/system.d conf file. Precautions taken: -- 2.9.3