Diffstat (limited to 'bus/dbus-daemon-1.1.in')
-rw-r--r-- | bus/dbus-daemon-1.1.in | 55 |
1 files changed, 27 insertions, 28 deletions
diff --git a/bus/dbus-daemon-1.1.in b/bus/dbus-daemon-1.1.in index 2498c55b..c38ca68a 100644 --- a/bus/dbus-daemon-1.1.in +++ b/bus/dbus-daemon-1.1.in @@ -23,7 +23,7 @@ exchange messages with one another. .PP There are two standard message bus instances: the systemwide message bus -(installed on many systems as the "messagebus" service) and the +(installed on many systems as the "messagebus" init service) and the per-user-login-session message bus (started each time a user logs in). \fIdbus-daemon-1\fP is used for both of these instances, but with a different configuration file. @@ -212,7 +212,7 @@ Example: <listen>unix:path=/tmp/foo</listen> .PP If there are multiple <listen> elements, then the bus listens on multiple addresses. The bus will pass its address to -activated services or other interested parties with +started services or other interested parties with the last address given in <listen> first. That is, apps will try to connect to the last <listen> address first. @@ -241,8 +241,8 @@ scanned starting with the last to appear in the config file service will be used). .PP -Service files tell the bus how to automatically start a particular -service. They are primarily used with the per-user-session bus, +Service files tell the bus how to automatically start a program. +They are primarily used with the per-user-session bus, not the systemwide bus. .TP @@ -265,8 +265,8 @@ Available limit names are: queued up for a single connection "max_message_size" : max size of a single message in bytes - "activation_timeout" : milliseconds (thousandths) until - an activated service has to connect + "service_start_timeout" : milliseconds (thousandths) until + a started service has to connect "auth_timeout" : milliseconds (thousandths) a connection is given to authenticate 
@@ -275,9 +275,9 @@ Available limit names are: connections "max_connections_per_user" : max number of completed connections from the same user - "max_pending_activations" : max number of activations in + "max_pending_service_starts" : max number of service launches in progress at the same time - "max_services_per_connection": max number of services a single + "max_names_per_connection" : max number of names a single connection can own "max_match_rules_per_connection": max number of match rules for a single connection @@ -347,14 +347,14 @@ The possible attributes of these elements are: send_interface="interface_name" send_member="method_or_signal_name" send_error="error_name" - send_destination="service_name" + send_destination="name" send_type="method_call" | "method_return" | "signal" | "error" send_path="/path/name" receive_interface="interface_name" receive_member="method_or_signal_name" receive_error="error_name" - receive_sender="service_name" + receive_sender="name" receive_type="method_call" | "method_return" | "signal" | "error" receive_path="/path/name" @@ -363,7 +363,7 @@ The possible attributes of these elements are: eavesdrop="true" | "false" - own="servicename" + own="name" user="username" group="groupname" .fi @@ -387,8 +387,8 @@ rules in the config file allow it). .PP send_destination and receive_sender rules mean that messages may not be -sent to or received from the *owner* of the given service, not that -they may not be sent *to that service name*. That is, if a connection +sent to or received from the *owner* of the given name, not that +they may not be sent *to that name*. That is, if a connection owns services A, B, C, and sending to A is denied, sending to B or C will not work either. 
@@ -398,7 +398,7 @@ matches against the given field in the message header. .PP "Eavesdropping" occurs when an application receives a message that -was explicitly addressed to a service the application does not own. +was explicitly addressed to a name the application does not own. Eavesdropping thus only applies to messages that are addressed to services (i.e. it does not apply to signals). @@ -437,7 +437,7 @@ user and group denials mean that the given user or group may not connect to the message bus. .PP -For "service_name", "username", "groupname", etc. +For "name", "username", "groupname", etc. the character "*" can be substituted, meaning "any." Complex globs like "foo.bar.*" aren't allowed for now because they'd be work to implement and maybe encourage sloppy security anyway. @@ -449,10 +449,10 @@ context="default" or context="mandatory" policies. .PP A single <deny> rule may specify combinations of attributes such as -send_service and send_interface and send_type. In this case, the +send_destination and send_interface and send_type. In this case, the denial applies only if both attributes match the message being denied. -e.g. <deny send_interface="foo.bar" send_service="foo.blah"/> would -deny messages of the given interface AND to the given service. +e.g. <deny send_interface="foo.bar" send_destination="foo.blah"/> would +deny messages with the given interface AND the given bus name. To get an OR effect you specify multiple <deny> rules. .PP 
@@ -482,17 +482,17 @@ creates a mapping. Right now only one kind of association is possible: .fi .PP -This means that if a connection asks to own the service +This means that if a connection asks to own the name "org.freedesktop.Foobar" then the source context will be the context of the connection and the target context will be "foo_t" - see the short discussion of SELinux below. .PP -Note, the context here is the target context when acquiring a service, -NOT the context of the connection owning the service. +Note, the context here is the target context when requesting a name, +NOT the context of the connection owning the name. .PP -There's currently no way to set a default for owning any service, if +There's currently no way to set a default for owning any name, if we add this syntax it will look like: .nf <associate own="*" context="foo_t"/> @@ -501,9 +501,8 @@ If you find a reason this is useful, let the developers know. Right now the default will be the security context of the bus itself. .PP -If two <associate> elements specify the same service name, -the element appearing later in the configuration file will -be used. +If two <associate> elements specify the same name, the element +appearing later in the configuration file will be used. .SH SELinux 
@@ -557,14 +556,14 @@ connect to the systemwide bus. If this changes, we'll probably add a way to set the default connection context. .PP -Second, any time a connection asks to own a service, +Second, any time a connection asks to own a name, the bus daemon will check permissions with the security context of the connection as source, the security context specified -for the service name with an <associate> element as target, object +for the name with an <associate> element as target, object class "dbus" and requested permission "acquire_svc". .PP -If the service name has no security context associated in the +If the name has no security context associated in the configuration file, the security context of the bus daemon itself will be used. |
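Review bot: In the limit-name list (hunks at -265 and -275), "activation_timeout", "max_pending_activations" and "max_services_per_connection" are dropped from the man page with no word on whether configuration files that still use those spellings will load. Nothing in this file shows how the parser treats them. If the old names remain accepted, say so next to the new ones; if they are rejected or ignored, add a line here telling administrators to update their <limit> elements, since these entries are the bus's resource bounds. Minor wording point: "max number of service launches" uses a different word from "a started service" a few entries above; pick one.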
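Review bot: In the hunk at -387, the unchanged sentence right after the edited lines still reads "if a connection owns services A, B, C, and sending to A is denied", which now contradicts the "owner of the given name" wording introduced two lines earlier. This paragraph is the one that explains that send_destination and receive_sender match on the owning connection rather than on the name, so the example should use the same term: change it to "owns names A, B, C".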
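Review bot: In the hunk at -398, the definition of eavesdropping is changed to "addressed to a name the application does not own", but the following context line still says it "only applies to messages that are addressed to services". Since eavesdrop="true" | "false" is a policy attribute, the two sentences defining it should agree; suggest "addressed to a name" (or "that have a destination") in the second sentence as well.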
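Review bot: In the hunk at -449, the corrected sentence now lists three attributes (send_destination, send_interface, send_type), yet the next line still says the denial applies "only if both attributes match". For a rule with three attributes that is ambiguous about whether all of them must match. Suggest "only if all of the given attributes match the message", which also fits the AND/OR explanation that follows.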
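Review bot: In the final hunk (at -557), the text now speaks of a connection asking "to own a name", while the requested permission on the following line is still "acquire_svc". A reader writing SELinux policy from this page may wonder whether the permission was renamed too. Add a short remark that the permission keeps its existing name, or update it here if it changed elsewhere in this series.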