It does more than intended; apart from denying messages to that particular interface it also denies all messages non-qualified with an interface globally.
From the dbus-daemon manual:
Be careful with send_interface/receive_interface, because the interface field in messages is optional. In particular, do NOT specify <deny send_interface="org.foo.Bar"/>! This will cause no-interface messages to be blocked for all services, which is almost certainly not what you intended. Always use rules of the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
We can just safely remove those rules, since we're sufficiently protected by the send_destination matches and method calls are disallowed by default anyway.
Signed-off-by: Lubomir Rintel lkundrak@v3.sk --- teamd/dbus/teamd.conf | 1 - teamd/teamd.conf.in | 1 - 2 files changed, 2 deletions(-)
diff --git a/teamd/dbus/teamd.conf b/teamd/dbus/teamd.conf index c395ea7..20366ea 100644 --- a/teamd/dbus/teamd.conf +++ b/teamd/dbus/teamd.conf @@ -8,6 +8,5 @@ </policy> <policy context="default"> <deny own_prefix="org.libteam.teamd"/> - <deny send_interface="org.libteam.teamd"/> </policy> </busconfig> diff --git a/teamd/teamd.conf.in b/teamd/teamd.conf.in index d1cb2a1..f4e3017 100644 --- a/teamd/teamd.conf.in +++ b/teamd/teamd.conf.in @@ -12,6 +12,5 @@ </policy> <policy context="default"> <deny own_prefix="org.libteam.teamd"/> - <deny send_interface="org.libteam.teamd"/> </policy> </busconfig>
Fri, Oct 16, 2015 at 07:32:15PM CEST, lkundrak@v3.sk wrote:
It does more than intended; apart from denying messages to that particular interface it also denies all messages non-qualified with an interface globally. From the dbus-daemon manual:
Be careful with send_interface/receive_interface, because the interface field in messages is optional. In particular, do NOT specify <deny send_interface="org.foo.Bar"/>! This will cause no-interface messages to be blocked for all services, which is almost certainly not what you intended. Always use rules of the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
We can just safely remove those rules, since we're sufficiently protected by the send_destination matches and method calls are disallowed by default anyway.
Signed-off-by: Lubomir Rintel lkundrak@v3.sk
applied, thanks
libteam@lists.fedorahosted.org