From 6d46b689f01410ab619bba9c41dec00960f36179 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 19 Jul 2017 15:52:12 +0100 Subject: [PATCH] dbus-daemon(1): Be more truthful about the default policy We don't allow sending unrequested replies, but the documentation implied that we did. Signed-off-by: Simon McVittie --- doc/dbus-daemon.1.xml.in | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index 447b7fd2..dcaba484 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -779,9 +779,13 @@ they are analogous to a firewall in that they allow expected traffic and prevent unexpected traffic. -Currently, the system bus has a default-deny policy for sending method calls -and owning bus names. Everything else, in particular reply messages, receive -checks, and signals has a default allow policy. + + Currently, the system bus has a default-deny policy for sending method calls + and owning bus names, and a default-allow policy for receiving messages, + sending signals, and sending a single success or error reply for each + method call that does not have the NO_REPLY flag. + Sending more than the expected number of replies is not allowed. + In general, it is best to keep system services as small, targeted programs which -- 2.13.3