author | Dan Williams <dcbw@redhat.com> | 2012-05-15 09:12:43 -0500 |
---|---|---|
committer | Dan Williams <dcbw@redhat.com> | 2012-05-15 09:19:59 -0500 |
commit | 31bd88f42b3245460e2ebd6f446767415974a778 (patch) | |
tree | d4c86e84fb720d80ef075e72e68b9cccdf800087 | |
parent | e41bd08bf139bddca5d7d4606317381d4bc23b56 (diff) | |
download | NetworkManager-remove-at-console.tar.gz |
dbus: remove at_console policy sectionremove-at-console
Remove restrictions on most D-Bus methods for remote sessions. This
turns out to be a NOP for any PolicyKit-protected methods because
PK automatically denies non-local users unless the <allow_any>
directive is used, which NM does not use anywhere.
(If a build disables PolicyKit, then clearly these methods are no
longer protected restricted to local sessions, but the cases where
PK is disabled are likely the same cases where session tracking,
and thus local/remote determination, are also disabled.)
There's no particular reason to deny remote sessions the ability
to inspect network state and read connections visible to that
session. But those sessions are still denied the ability to
register agents for password handling as there seems to be no
good reason to allow it for now.
-rw-r--r-- | src/org.freedesktop.NetworkManager.conf | 70 |
1 files changed, 3 insertions, 67 deletions
diff --git a/src/org.freedesktop.NetworkManager.conf b/src/org.freedesktop.NetworkManager.conf
index 501b68bddc..853e854522 100644
--- a/src/org.freedesktop.NetworkManager.conf
+++ b/src/org.freedesktop.NetworkManager.conf
@@ -24,77 +24,13 @@
 <allow send_destination="org.freedesktop.NetworkManager.pptp"/>
 <allow send_destination="org.freedesktop.NetworkManager.vpnc"/>
 </policy>
- <policy at_console="true">
+ <policy context="default">
 <allow send_destination="org.freedesktop.NetworkManager"/>
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.DBus.Introspectable"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.DBus.Properties"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Modem"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Wired"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Serial"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Device"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.IP4Config"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.AgentManager"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="SetLogging"/>
+ <deny send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
 <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="Sleep"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="sleep"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager"
- send_member="wake"/>
- </policy>
- <policy context="default">
- <deny own="org.freedesktop.NetworkManager"/>
-
- <deny send_destination="org.freedesktop.NetworkManager"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.Settings"/>
-
- <allow send_destination="org.freedesktop.NetworkManager"
- send_interface="org.freedesktop.NetworkManager.AgentManager"/>
+ send_interface="org.freedesktop.NetworkManager.PPP"/>
 <deny send_destination="org.freedesktop.NetworkManager"
 send_interface="org.freedesktop.NetworkManager"
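Review bot: The new `<deny send_interface="org.freedesktop.NetworkManager.SecretAgent"/>` in the default context names no `send_destination`, and dbus-daemon(1) warns that a deny rule matching on interface alone also blocks method calls that omit the optional interface field, for every service on the bus. If the destination is left out on purpose because secret agents only have unique bus names, that should be said in a comment above the rule, e.g. `<!-- no send_destination: secret agents have no well-known bus name -->`. Separately, the blanket `<allow send_destination="org.freedesktop.NetworkManager"/>` now also covers `org.freedesktop.NetworkManager.AgentManager`, so the commit message's statement that remote sessions cannot register agents is not enforced by this file and presumably relies on a check inside the daemon; a comment naming where that check lives would keep the policy auditable, since any interface added later is reachable by every bus user unless it is explicitly denied here. The default policy block continues past the end of the hunk.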