diff options
| author | kremlin <ian@kremlin.cc> | 2014-08-08 13:21:34 +0800 |
|---|---|---|
| committer | kremlin <ian@kremlin.cc> | 2014-08-08 13:21:34 +0800 |
| commit | d26b0b64ec518df3c22ddf7a69e1285c983a42fc (patch) | |
| tree | bd8e62e090248062eaf52bb2894988faa3b8299f | |
| parent | c7028b11306cb1025dd07cb3615d603f65b05ee2 (diff) | |
| download | systembsd-d26b0b64ec518df3c22ddf7a69e1285c983a42fc.tar systembsd-d26b0b64ec518df3c22ddf7a69e1285c983a42fc.tar.gz systembsd-d26b0b64ec518df3c22ddf7a69e1285c983a42fc.tar.bz2 systembsd-d26b0b64ec518df3c22ddf7a69e1285c983a42fc.tar.lz systembsd-d26b0b64ec518df3c22ddf7a69e1285c983a42fc.tar.xz systembsd-d26b0b64ec518df3c22ddf7a69e1285c983a42fc.tar.zst systembsd-d26b0b64ec518df3c22ddf7a69e1285c983a42fc.zip | |
add deny clause in hostnamed sysbus policy
add a <deny> statement to prevent regular users from invoking any
methods on hostname1's interface, which all set details only root
should be able to set
| -rw-r--r-- | conf/sysbus-policy/hostnamed-dbus.conf | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/conf/sysbus-policy/hostnamed-dbus.conf b/conf/sysbus-policy/hostnamed-dbus.conf index ea11b9d..9c4fa41 100644 --- a/conf/sysbus-policy/hostnamed-dbus.conf +++ b/conf/sysbus-policy/hostnamed-dbus.conf @@ -10,5 +10,9 @@ <policy context="default"> <allow send_destination="org.freedesktop.hostname1"/> <allow receive_sender="org.freedesktop.hostname1"/> + + <deny send_destination="org.freedesktop.hostname1" + send_interface="org.freedesktop.hostname1" + send_type="method_call"/> </policy> </busconfig> |