diff options
author | Colin Walters <walters@verbum.org> | 2008-12-08 20:25:02 -0500 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2008-12-08 20:25:02 -0500 |
commit | 7f0990abc74a3c6aa76211a064b57f081690d340 (patch) | |
tree | 439413dc2e30e5eb44867eff879b8940208f6d3f /bus | |
parent | 70a0ac620ab4be279ef8e0945307b541e10a1393 (diff) |
Bug 18229: Update manpage with better advice
See https://bugs.freedesktop.org/show_bug.cgi?id=18229
Diffstat (limited to 'bus')
-rw-r--r-- | bus/dbus-daemon.1.in | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/bus/dbus-daemon.1.in b/bus/dbus-daemon.1.in index 7666f180..94f073b9 100644 --- a/bus/dbus-daemon.1.in +++ b/bus/dbus-daemon.1.in @@ -417,6 +417,18 @@ they are analogous to a firewall in that they allow expected traffic and prevent unexpected traffic. .PP +Currently, the system bus has a default-deny policy for sending method calls +and owning bus names. Everything else, in particular reply messages, receive +checks, and signals has a default allow policy. + +.PP +In general, it is best to keep system services as small, targeted programs which +run in their own process and provide a single bus name. Then, all that is needed +is an <allow> rule for the "own" permission to let the process claim the bus +name, and a "send_destination" rule to allow traffic from some or all uids to +your service. + +.PP The <policy> element has one of three attributes: .nf context="(default|mandatory)" @@ -481,9 +493,7 @@ The possible attributes of these elements are: .PP Examples: .nf - <deny send_interface="org.freedesktop.System" send_member="Reboot"/> - <deny receive_interface="org.freedesktop.System" receive_member="Reboot"/> - <deny own="org.freedesktop.System"/> + <deny send_destination="org.freedesktop.Service" send_interface="org.freedesktop.System" send_member="Reboot"/> <deny send_destination="org.freedesktop.System"/> <deny receive_sender="org.freedesktop.System"/> <deny user="john"/> |