diff options
| author | kremlin <ian@kremlin.cc> | 2014-08-08 13:21:34 +0800 |
|---|---|---|
| committer | kremlin <ian@kremlin.cc> | 2014-08-08 13:21:34 +0800 |
| commit | 3a3ab0fe910260a4abd0e84b373102fe8169d4ea (patch) | |
| tree | bd8e62e090248062eaf52bb2894988faa3b8299f | |
| parent | 2e337f4639545d3b389ad84669449df8186decb1 (diff) | |
| download | systembsd-3a3ab0fe910260a4abd0e84b373102fe8169d4ea.tar systembsd-3a3ab0fe910260a4abd0e84b373102fe8169d4ea.tar.gz systembsd-3a3ab0fe910260a4abd0e84b373102fe8169d4ea.tar.bz2 systembsd-3a3ab0fe910260a4abd0e84b373102fe8169d4ea.tar.lz systembsd-3a3ab0fe910260a4abd0e84b373102fe8169d4ea.tar.xz systembsd-3a3ab0fe910260a4abd0e84b373102fe8169d4ea.tar.zst systembsd-3a3ab0fe910260a4abd0e84b373102fe8169d4ea.zip | |
add deny clause in hostnamed sysbus policy
add a <deny> statement to prevent regular users from invoking any
methods on hostname1's interface, which all set details only root
should be able to set
| -rw-r--r-- | conf/sysbus-policy/hostnamed-dbus.conf | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/conf/sysbus-policy/hostnamed-dbus.conf b/conf/sysbus-policy/hostnamed-dbus.conf index ea11b9d..9c4fa41 100644 --- a/conf/sysbus-policy/hostnamed-dbus.conf +++ b/conf/sysbus-policy/hostnamed-dbus.conf @@ -10,5 +10,9 @@ <policy context="default"> <allow send_destination="org.freedesktop.hostname1"/> <allow receive_sender="org.freedesktop.hostname1"/> + + <deny send_destination="org.freedesktop.hostname1" + send_interface="org.freedesktop.hostname1" + send_type="method_call"/> </policy> </busconfig> |