Comment 55 for bug 306362
Revision history for this message
|
|
#55 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
(In reply to comment #49)
> Here is a first pass through the system.d directory.
Some thoughts...
--- system.
There are few receive_sender rules there as well that should only be needed for signals, so their fate actually depends on what the default for signals will be.
--- system.
Did you leave user="root" rules unchanged intentionally? They look like a good candidate for allow send_destination. Why not remove all those context="default" deny rules and only keep explicit allows.
The similar comments apply to gdm.conf.
--- system.
Rule <allow send_interface=
--- system.
- <allow send_interface=
Again, may be needed for signals.
--- system.
I'd prefer to see allow send_destination rule removed from user="root" section. All context="default" rules apply to root as well, so having the rule only there should be sufficient.
--- system.
This seems incorrect to me. Probably something like this is needed:
@@ -8,12 +8,12 @@
<!-- Only root can own the service -->
<policy user="root">
<allow own="org.
- <allow send_interface=
</policy>
<!-- Allow anyone to invoke methods on the interfaces -->
<policy context="default">
- <allow send_interface=
+ <allow send_destinatio
+ send_interface=
</policy>
</busconfig>
Not sure if binding to a particular interface is really needed.
--- system.
Allow rules in user="root" section can be omitted when service should be accessible to all users and there's context="default" allow rule.
--- system.
It may requires some of the removed rules, or allow receive_sender rule for signal handling.
Similar probably applies to yum-updatesd.conf as well.