[Pkg-bluetooth-maintainers] Bug#510644: bluetooth.conf needs alterations for new D-Bus

Simon McVittie simon.mcvittie at collabora.co.uk
Wed Jan 7 11:17:35 PST 2009 

On Mon, 05 Jan 2009 at 23:32:50 +0100, Filippo Giunchedi wrote:
> On Mon, Jan 05, 2009 at 08:32:58PM +0000, Simon McVittie wrote:
> > >     <allow send_interface="org.bluez.Agent"/>
> > 
> > That will work but is not ideal; D-Bus upstream opinion seems to be that
> > a bare "send_interface" without a corresponding send_destination is
> > almost always an error (because it matches the corresponding interface on
> > completely unrelated processes). Do Agent implementations have a well-known
> > service name you can use?
> > 
> > Failing that, maybe you could at least match on object path as well as
> > on interface?
> 
> Unfortunately they don't a well known service name nor object path, agents are
> user-registered

Never mind. We have a lot of these rules in the archive anyway
(http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=fdo-18961)
and as far as I can tell it's not a release-critical bug, particularly
as an <allow> rule... so leave it like that unless D-Bus upstream can
explain something better.

> > Debian packages usually have a dual at_console/group-based policy for device
> > accesses like this (e.g. members of powerdev and netdev can use various
> > interfaces on hal even if they are not at_console), by duplicating the
> > permissions of the at_console <policy> into a separate group policy. See
> > NetworkManager's configuration in Debian, for instance.
> 
> Okay, given that using AF_BLUETOOTH sockets requires CAP_NET_ADMIN for some
> ioctls I'd go for netdev group, makes sense?

netdev sounds the most appropriate, yes. avahi-daemon has some suitable
postinst snippets to create the group if necessary, before telling D-Bus
to reload:

case "$1" in
  configure)

    ...

    # Add the netdev group unless it's already there
    if ! getent group netdev >/dev/null; then
      addgroup --quiet --system netdev || true
    fi

    ...

    # Ask the bus to reload the config file
    if [ -x "/etc/init.d/dbus" ]; then
      invoke-rc.d dbus force-reload || true
    fi
  ;;

Apparently at_console works (or at least, can be made to work) if you have
ConsoleKit installed, so you should have two <policy> sections, one for
at_console and one for netdev, containing the same <allow> rules.

Please go ahead with the unstable upload, but also attach the resulting
bluetooth.conf to this bug so I can review it.

Thanks,
    Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: Digital signature
Url : http://lists.freedesktop.org/archives/dbus/attachments/20090107/ecc5a799/attachment.pgp

More information about the dbus mailing list