D-Bus policies. system bus and bus names
Lawrence D'Oliveiro
ldo at geek-central.gen.nz
Wed May 31 02:40:52 UTC 2017
On Tue, 30 May 2017 23:07:08 +0200, David Sommerseth wrote:
> and the man page explicitly tells me NOT to only use send_interface in
> an allow or deny rule.
It doesn’t say that--not in my reading. Presumably you are referring to
this passage (in my version of the dbus-daemon(1) man page, can’t quite
find the same version online):
Be careful with send_interface/receive_interface, because the interface
field in messages is optional. In particular, do NOT specify <deny
send_interface="org.foo.Bar"/>! This will cause no-interface messages
to be blocked for all services, which is almost certainly not what you
intended. Always use rules of the form: <deny
send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
The interface field may be optional, but if your code is always
including it, then that caveat should not apply. The recommendation
against send_interface without send_destination would seem to apply only
to a deny rule.
More information about the dbus
mailing list