From dc9901331a083018f109f4a50e87391a7c57e5fe Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 19 Jul 2017 15:43:35 +0100 Subject: [PATCH] dbus-daemon(1): Document the wildcard attribute value "*" more clearly Signed-off-by: Simon McVittie --- doc/dbus-daemon.1.xml.in | 49 +++++++++++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index a9a46eef..5f8dddd6 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -835,29 +835,29 @@ statements, and works just like <deny> but with the inverse meaning.The possible attributes of these elements are: - send_interface="interface_name" - send_member="method_or_signal_name" - send_error="error_name" - send_destination="name" - send_type="method_call" | "method_return" | "signal" | "error" - send_path="/path/name" - - receive_interface="interface_name" - receive_member="method_or_signal_name" - receive_error="error_name" - receive_sender="name" - receive_type="method_call" | "method_return" | "signal" | "error" - receive_path="/path/name" + send_interface="interface_name" | "*" + send_member="method_or_signal_name" | "*" + send_error="error_name" | "*" + send_destination="name" | "*" + send_type="method_call" | "method_return" | "signal" | "error" | "*" + send_path="/path/name" | "*" + + receive_interface="interface_name" | "*" + receive_member="method_or_signal_name" | "*" + receive_error="error_name" | "*" + receive_sender="name" | "*" + receive_type="method_call" | "method_return" | "signal" | "error" | "*" + receive_path="/path/name" | "*" send_requested_reply="true" | "false" receive_requested_reply="true" | "false" eavesdrop="true" | "false" - own="name" + own="name" | "*" own_prefix="name" - user="username" - group="groupname" + user="username" | "*" + group="groupname" | "*" @@ -879,10 +879,21 @@ rules in the config file allow it). sent to or received from the *owner* of the given name, not that they may not be sent *to that name*. That is, if a connection owns services A, B, C, and sending to A is denied, sending to B or C -will not work either. +will not work either. As a special case, +send_destination="*" matches any message +(whether it has a destination specified or not), and +receive_sender="*" similarly matches any message. -The other send_* and receive_* attributes are purely textual/by-value -matches against the given field in the message header. + + The other send_* and receive_* + attributes are purely textual/by-value matches against the given field in + the message header, except that for the attributes where it is allowed, + * matches any message (whether it has the relevant + header field or not). For example, send_interface="*" + matches any sent message, even if it does not contain an interface header + field. More complex glob matching such as foo.bar.* is + not allowed. + "Eavesdropping" occurs when an application receives a message that was explicitly addressed to a name the application does not own, or -- 2.13.3