dbus: fix issues with root being at_console
When root is at_console, the at_console stuff overrides the user=root section. Since the default section will deny-by-default, explicitly allow certain D-Bus interfaces to be usable by at_console users (including root when root is at_console) prevents root from being denied access to those interfaces when root is at_console.
This commit is contained in:
Dan Williams
@@ -12,15 +12,51 @@
|
||||
<policy at_console="true">
|
||||
<allow send_destination="org.freedesktop.NetworkManager"/>
|
||||
|
||||
<deny send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.PPP"/>
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.DBus.Introspectable"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.DBus.Properties"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.Device.Cdma"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.Device.Wired"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.Device.Gsm"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.Device.Serial"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.Device"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.DHCP4Config"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.IP4Config"/>
|
||||
|
||||
<allow send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
|
||||
</policy>
|
||||
<policy context="default">
|
||||
<deny own="org.freedesktop.NetworkManager"/>
|
||||
<deny send_destination="org.freedesktop.NetworkManager"/>
|
||||
|
||||
<deny send_destination="org.freedesktop.NetworkManager"
|
||||
send_interface="org.freedesktop.NetworkManager.PPP"/>
|
||||
</policy>
|
||||
|
||||
<limit name="max_replies_per_connection">512</limit>
|
||||
|
||||
Reference in New Issue
Block a user