eavesdrop in dbus policy

Simon McVittie simon.mcvittie at collabora.co.uk
Wed Mar 25 05:02:01 PDT 2015

On 25/03/15 09:33, Aubert Malek (MM) wrote:
>>> <policy user="logging"><allow eavesdrop="true"/> means the
>>> (dbus-monitor that was run by) the "logging" user may receive
>>> any message from anywhere, even if it is considered to be
>>> eavesdropping (the message is not a broadcast and is intended
>>> for someone else).
> Isn't that what we want? We need to make monitor application see
> everything on DBus.

It is *necessary* for what you want, but it is not *sufficient*.

Like I already said, there are two separate sets of rules: "A may send
to B" and "B may receive from A". You have added a rule to the second
set. You are still not going to get all the messages without adding a
rule to the first set, and there is currently no way to express the rule
you would want to add.

If it was possible to make this work nicely, I wouldn't have spent time
and effort on adding BecomeMonitor.

> Why do I get all the messages, with this policy, on session Dbus
> and not on system Dbus. What is blocking on system Dbus?

The "may send" rules are blocking it. On the session bus, any process
may send anything; on the system bus, this is not true.

> Sorry for insisting but we have 1.6.8 version of Dbus (so, no
> Become Monitor solution especially that we need to avoid more
> CPU load consumption) and I need to find a way to make it work.

Then it is not possible to do what you want, except by backporting the
BecomeMonitor feature from 1.9.


Simon McVittie
Collabora Ltd. <http://www.collabora.com/>

More information about the dbus mailing list