ifcfg-rh: refactor dbus policy

This drops some redundant rules and orderes the remaining ones by
precedence.

The 'root' rules take precedence over the 'default' rules, so order
the file accordingly.

It is not necessary to repeat send_destination rules, as the default
rules already allows everyone to send to the interface.

Moreover, it is not necessary to restrict the ownership of the name
in the default context, as this is already done by the system-wide
default rule.

Reviewed-by: David Herrmann <dh.herrmann@gmail.com>

1 files changed, 3 insertions, 8 deletions

diff --git a/src/settings/plugins/ifcfg-rh/nm-ifcfg-rh.conf b/src/settings/plugins/ifcfg-rh/nm-ifcfg-rh.conf
index 8fefaf1808..cc6ccb5cb4 100644
--- a/src/settings/plugins/ifcfg-rh/nm-ifcfg-rh.conf
+++ b/src/settings/plugins/ifcfg-rh/nm-ifcfg-rh.conf
@@ -2,16 +2,11 @@
  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <busconfig>
-        <policy user="root">
-                <allow own="com.redhat.ifcfgrh1"/>
-                <allow send_destination="com.redhat.ifcfgrh1"/>
-        </policy>
-        <policy at_console="true">
-                <allow send_destination="com.redhat.ifcfgrh1"/>
-        </policy>
         <policy context="default">
-                <deny own="com.redhat.ifcfgrh1"/>
                 <allow send_destination="com.redhat.ifcfgrh1"/>
         </policy>
+        <policy user="root">
+                <allow own="com.redhat.ifcfgrh1"/>
+        </policy>
 </busconfig>