mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-18 20:24:32 +00:00
3a40d05735
As described in [0], this likely did not have the intended effect, so simply remove it. The change in behavior is that up until this patch it would be possible for any non-system user to potentially gain access to selinux' dbus interface. Now this is extended to also allow any system user. As the comment indicates, PolicyKit is used to enforce access, so this should be perfectly harmless. [0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html> Signed-off-by: Tom Gundersen <teg@jklm.no> CC: David Herrmann <dh.herrmann@gmail.com>
20 lines
535 B
XML
20 lines
535 B
XML
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
|
|
|
|
<!DOCTYPE busconfig PUBLIC
|
|
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
|
<busconfig>
|
|
|
|
<!-- Only root can own the service -->
|
|
<policy user="root">
|
|
<allow own="org.selinux"/>
|
|
</policy>
|
|
|
|
<!-- Allow anyone to invoke methods on the interfaces,
|
|
authorization is performed by PolicyKit -->
|
|
<policy context="default">
|
|
<allow send_destination="org.selinux"/>
|
|
</policy>
|
|
|
|
</busconfig>
|