[Pkg-utopia-commits] r2764 - in /packages/experimental/knetworkmanager/debian: changelog patches/04-dbus_access.patch

biebl at users.alioth.debian.org biebl at users.alioth.debian.org
Thu Feb 5 20:49:11 UTC 2009 

Author: biebl
Date: Thu Feb  5 20:49:11 2009
New Revision: 2764

URL: http://svn.debian.org/wsvn/pkg-utopia/?sc=1&rev=2764
Log:
Fix the D-Bus policy file. This time for real.

Modified:
    packages/experimental/knetworkmanager/debian/changelog
    packages/experimental/knetworkmanager/debian/patches/04-dbus_access.patch

Modified: packages/experimental/knetworkmanager/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/experimental/knetworkmanager/debian/changelog?rev=2764&op=diff
==============================================================================
--- packages/experimental/knetworkmanager/debian/changelog (original)
+++ packages/experimental/knetworkmanager/debian/changelog Thu Feb  5 20:49:11 2009
@@ -1,8 +1,11 @@
 knetworkmanager (1:0.7~~svn908338-2) experimental; urgency=low
 
   * debian/patches/04-dbus_access.patch
-    - Update D-Bus configuration file for NetworkManager 0.7 and the newer,
-      stricter default policy of the D-Bus system bus. Closes: #511526
+    - Update D-Bus names and interfaces for NM 0.7. Closes: #511526
+    - Remove bare send_interface directives to avoid non-deterministic allow
+      messages with no interface. Closes: #510728
+    - Do not allow unpriviledged processes to ask for a users' connections.
+    - Allow introspection by default.
 
  -- Michael Biebl <biebl at debian.org>  Thu, 05 Feb 2009 01:52:22 +0100
 

Modified: packages/experimental/knetworkmanager/debian/patches/04-dbus_access.patch
URL: http://svn.debian.org/wsvn/pkg-utopia/packages/experimental/knetworkmanager/debian/patches/04-dbus_access.patch?rev=2764&op=diff
==============================================================================
--- packages/experimental/knetworkmanager/debian/patches/04-dbus_access.patch (original)
+++ packages/experimental/knetworkmanager/debian/patches/04-dbus_access.patch Thu Feb  5 20:49:11 2009
@@ -1,8 +1,8 @@
 Index: knetworkmanager-0.7~~svn908338/knetworkmanager-0.7/knetworkmanager.conf
 ===================================================================
 --- knetworkmanager-0.7~~svn908338.orig/knetworkmanager-0.7/knetworkmanager.conf	2007-12-12 19:31:03.000000000 +0100
-+++ knetworkmanager-0.7~~svn908338/knetworkmanager-0.7/knetworkmanager.conf	2009-02-05 04:50:47.000000000 +0100
-@@ -3,42 +3,41 @@
++++ knetworkmanager-0.7~~svn908338/knetworkmanager-0.7/knetworkmanager.conf	2009-02-05 21:39:13.000000000 +0100
+@@ -3,42 +3,35 @@
   "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
  <busconfig>
  	<policy user="root">
@@ -14,11 +14,9 @@
  		<allow own="org.freedesktop.NetworkManagerUserSettings"/>
  
 -		<allow send_destination="org.freedesktop.NetworkManagerSettings"/>
+-		<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
+-
 +		<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
- 		<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
- 
-+		<!-- Only root can get secrets -->
-+		<allow send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
  	</policy>
  	<policy at_console="true">
 -		<allow own="org.freedesktop.NetworkManagerInfo"/>
@@ -27,21 +25,22 @@
 -		<allow send_destination="org.freedesktop.NetworkManagerInfo"/>
 -		<allow send_interface="org.freedesktop.NetworkManagerInfo"/>
 +		<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
-+		<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
  
 +		<!-- Only root can get secrets -->
-+		<deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
++		<deny send_destination="org.freedesktop.NetworkManagerUserSettings"
++		      send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
 +	</policy>
 +	<policy group="netdev">
  		<allow own="org.freedesktop.NetworkManagerUserSettings"/>
  
 -		<allow send_destination="org.freedesktop.NetworkManagerSettings"/>
+-		<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
+-
 +		<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
- 		<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
  
--
 +		<!-- Only root can get secrets -->
-+		<deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
++		<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
++		       send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
  	</policy>
  	<policy context="default">
 -		<deny own="org.freedesktop.NetworkManagerInfo"/>
@@ -49,16 +48,15 @@
 -		<deny send_destination="org.freedesktop.NetworkManagerInfo"/>
 -		<deny send_interface="org.freedesktop.NetworkManagerInfo"/>
 -
- 		<deny own="org.freedesktop.NetworkManagerUserSettings"/>
- 
+-		<deny own="org.freedesktop.NetworkManagerUserSettings"/>
+-
 -		<deny send_destination="org.freedesktop.NetworkManagerSettings"/>
 -		<deny send_interface="org.freedesktop.NetworkManagerSettings"/>
 -
--
-+		<allow send_destination="org.freedesktop.NetworkManagerUserSettings"/>
-+		<allow send_interface="org.freedesktop.NetworkManagerSettings"/>
-+		<!-- Only root can get secrets -->
-+		<deny send_interface="org.freedesktop.NetworkManagerSettings.Secrets"/>
++		<deny send_destination="org.freedesktop.NetworkManagerUserSettings"/>
+ 
++		<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
++		       send_interface="org.freedesktop.DBus.Introspectable"/>
  	</policy>
 +
 +	<limit name="max_replies_per_connection">512</limit>

More information about the Pkg-utopia-commits mailing list