$(sysconfdir)/dbus-1/system.d vs $(datadir)/dbus-1/system.d

Дилян Палаузов dilyan.palauzov at aegee.org
Tue Mar 19 16:43:23 UTC 2019


Hello,

dbus-1.12.12/doc/dbus-api-design.duck says:

D-Bus security policies are written as XML files in
$file($var($$(datadir)/dbus-1/system.d)),
$file($var($$(datadir)/dbus-1/session.d)),
$file($var($$(sysconfdir)/dbus-1/system.d)) and
$file($var($$(sysconfdir)/dbus-1/session.d)) and use an allow/deny model, where
each message (method call, signal emission, etc.) can be allowed or denied
according to the sum of all policy rules which match it. Each $code(<allow>) or
$code(<deny>) rule in the policy should have the $code(own),
$code(send_destination) or $code(receive_sender) attribute set.

When designing an API, bear in mind the need to write and install such a
security policy, and consider splitting up methods or providing more restricted
versions which accept constrained parameters, so that they can be exposed with
less restrictive security policies if needed by less trusted clients. Since
dbus-daemon 1.10, security policies should be installed to
$file($var($$(datadir))) rather than $(file($var($$(sysconfdir))); the latter
is intended for system administrators.

doc/dbus-daemon.1.xml.in says:
<para>Include all files in <includedir>foo.d</includedir> at this  point. Files in the directory are
included in undefined order. Only files ending in ".conf" are included.</para>


<para>This is intended to allow extension of the system bus by particular packages. For example, if CUPS wants to be
able to send out notification of printer queue changes, it could install a file to @EXPANDED_DATADIR@/dbus-1/system.d
or @EXPANDED_SYSCONFDIR@/dbus-1/system.d that allowed all apps to receive this message and allowed the printer daemon
user to send it.</para>


My /usr/share/dbus-1/system.conf contains:
<includedir>system.d</includedir>
<includedir>/etc/dbus-1/system.d</includedir>

QUESTION:

If $(datadir)/dbus-1/system.d/A.conf and $(sysconfdir)/dbus-1/system.d/A.conf both exist, does the
sysconfdir location take precedence by default?

Is /usr/local/share/dbus-1/system.d/ ignored by default, if Dbus has the configuration file above?  I have ./configured
dbus with “./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-user-session”.

Or, in other words, is
  echo `pkg-config --variable datadir dbus-1`/dbus-1/system.d/

the only right place where a package shall install its policies, irrespective of the $(prefix) for the package?
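
An added example (not part of the original post and not dbus project code): a Python audit that reads the <includedir> entries of a bus configuration file and reports ".conf" basenames present in more than one included directory, such as the A.conf case asked about above. It only reports where same-named policy files coexist and makes no claim about precedence; relative <includedir> paths are assumed to resolve against the configuration file's directory, and the sample tree is constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from collections import defaultdict

def include_dirs(conf_path):
    """Return <includedir> targets in document order, as absolute paths."""
    base = os.path.dirname(os.path.abspath(conf_path))
    # Assumption (not stated in the post): a relative <includedir> is
    # resolved against the directory of the configuration file holding it.
    return [os.path.normpath(os.path.join(base, (el.text or "").strip()))
            for el in ET.parse(conf_path).getroot().iter("includedir")]

def policy_files(conf_path):
    """Map each *.conf basename to the include directories that provide it."""
    found = defaultdict(list)
    for d in include_dirs(conf_path):
        if not os.path.isdir(d):
            continue  # a missing directory contributes no policy files
        for name in sorted(os.listdir(d)):
            # Quoted man page: only files ending in ".conf" are included.
            if name.endswith(".conf") and os.path.isfile(os.path.join(d, name)):
                found[name].append(d)
    return dict(found)

def duplicates(conf_path):
    """Basenames that appear in more than one include directory."""
    return {n: ds for n, ds in policy_files(conf_path).items() if len(ds) > 1}

def build_sample(root):
    """Constructed sample tree mirroring the layout described in the post."""
    share = os.path.join(root, "usr", "share", "dbus-1")
    etc = os.path.join(root, "etc", "dbus-1", "system.d")
    os.makedirs(os.path.join(share, "system.d"))
    os.makedirs(etc)
    for path in (os.path.join(share, "system.d", "A.conf"), os.path.join(etc, "A.conf"),
                 os.path.join(etc, "B.conf"), os.path.join(etc, "notes.txt")):
        with open(path, "w") as f:
            f.write("<busconfig/>\n")
    conf = os.path.join(share, "system.conf")
    with open(conf, "w") as f:
        f.write("<busconfig>\n<includedir>system.d</includedir>\n"
                f"<includedir>{etc}</includedir>\n</busconfig>\n")
    return conf

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, dirs in duplicates(build_sample(tmp)).items():
            print(name, "is provided by:", *dirs)
```

On a real system, call duplicates() on the path of the installed system.conf instead of the constructed sample.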
