authorThomas Haller <thaller@redhat.com>2017-04-21 13:39:37 +0200
committerThomas Haller <thaller@redhat.com>2017-04-21 13:39:37 +0200
commit7d1f725743146a1ff8740bba5f4503a5ddd23a3d (patch)
tree49b5b48cb23cfa3082ba1e6afbe2442f693815d4
parentec3a9c0607de22f19015f4335fbabef2e02e135a (diff)
parentcc1d409ba886e8e7c33f845790cfc700fcd2d854 (diff)
downloadNetworkManager-7d1f725743146a1ff8740bba5f4503a5ddd23a3d.tar.gz
firewall: merge branch 'th/firewall-dbus-policy-rh1436770'
https://bugzilla.redhat.com/show_bug.cgi?id=1436770
-rw-r--r--src/nm-firewall-manager.c8
-rw-r--r--src/org.freedesktop.NetworkManager.conf30
2 files changed, 21 insertions, 17 deletions
diff --git a/src/nm-firewall-manager.c b/src/nm-firewall-manager.c
index 045d5abc4c..0d893652f8 100644
--- a/src/nm-firewall-manager.c
+++ b/src/nm-firewall-manager.c
@@ -263,14 +263,16 @@ _handle_dbus (GObject *proxy, GAsyncResult *result, gpointer user_data)
non_error = "UNKNOWN_INTERFACE";
break;
}
- if (!g_strcmp0 (error->message, non_error)) {
+ if ( error->message
+ && non_error
+ && g_str_has_prefix (error->message, non_error)
+ && NM_IN_SET (error->message[strlen (non_error)], '\0', ':')) {
_LOGD (info, "complete: request failed with a non-error (%s)", error->message);
/* The operation failed with an error reason that we don't want
* to propagate. Instead, signal success. */
g_clear_error (&error);
- }
- else
+ } else
_LOGW (info, "complete: request failed (%s)", error->message);
} else
_LOGD (info, "complete: success");
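Review bot: The new test `g_str_has_prefix (error->message, non_error)` matches on the human-readable message text, and the existing comment does not say why a trailing `:` is accepted after the code. A match turns a failed firewall request into success and logs it only at debug level, so the expected message format deserves a short comment, for example `/* firewalld may append ": <detail>" to the error code; accept only the bare code or code + ':' */`. That format is inferred from the check itself, so confirm it against firewalld's replies. No stripping of a remote-error prefix is visible in this hunk; if the message can carry one, the prefix test would never match and every such failure would fall through to the warning. The `} else` followed by an unbraced `_LOGW` also mixes braced and unbraced branches. `_handle_dbus` starts and ends outside the hunk.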
diff --git a/src/org.freedesktop.NetworkManager.conf b/src/org.freedesktop.NetworkManager.conf
index d130f7e271..6be1feb68e 100644
--- a/src/org.freedesktop.NetworkManager.conf
+++ b/src/org.freedesktop.NetworkManager.conf
@@ -11,8 +11,8 @@
<allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
<!-- These are there because some broken policies do
- <deny send_interface="..." /> (see dbus-daemon(8) for details).
- This seems to override that for the known VPN plugins.
+ <deny send_interface="..." /> (see dbus-daemon(8) for details).
+ This seems to override that for the known VPN plugins.
-->
<allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
<allow send_destination="org.freedesktop.NetworkManager.openswan"/>
@@ -27,6 +27,8 @@
<allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
<allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
+ <allow send_destination="org.fedoraproject.FirewallD1"/>
+
<!-- Allow the custom name for the dnsmasq instance spawned by NM
from the dns dnsmasq plugin to own it's dbus name, and for
messages to be sent to it.
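Review bot: The added `<allow send_destination="org.fedoraproject.FirewallD1"/>` has no comment and no `send_interface` restriction, so it allows every interface and member on firewalld's bus name for whichever `<policy>` context encloses it, and that context is not visible in this hunk. Confirm that it sits in the root-user policy and not in the default context, and add a comment such as `<!-- Let NetworkManager reach firewalld even when another policy denies by send_interface (rh#1436770) -->`. The rationale is presumed from the neighbouring VPN-plugin comment and the branch name, so adjust the wording if the actual cause differs.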
@@ -39,7 +41,7 @@
<deny send_destination="org.freedesktop.NetworkManager"/>
- <!-- Basic D-Bus API stuff -->
+ <!-- Basic D-Bus API stuff -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.DBus.Introspectable"/>
<allow send_destination="org.freedesktop.NetworkManager"
@@ -47,7 +49,7 @@
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.DBus.ObjectManager"/>
- <!-- Devices (read-only properties, no methods) -->
+ <!-- Devices (read-only properties, no methods) -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Adsl"/>
<allow send_destination="org.freedesktop.NetworkManager"
@@ -83,17 +85,17 @@
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
- <!-- Devices (read-only, no security required) -->
+ <!-- Devices (read-only, no security required) -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.WiMax"/>
- <!-- Devices (read/write, secured with PolicyKit) -->
+ <!-- Devices (read/write, secured with PolicyKit) -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device"/>
- <!-- Core stuff (read-only properties, no methods) -->
+ <!-- Core stuff (read-only properties, no methods) -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
<allow send_destination="org.freedesktop.NetworkManager"
@@ -107,7 +109,7 @@
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
- <!-- Core stuff (read/write, secured with PolicyKit) -->
+ <!-- Core stuff (read/write, secured with PolicyKit) -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"/>
<allow send_destination="org.freedesktop.NetworkManager"
@@ -115,13 +117,13 @@
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Settings.Connection"/>
- <!-- Agents; secured with PolicyKit. Any process can talk to
- the AgentManager API, but only NetworkManager can talk
- to the agents themselves. -->
+ <!-- Agents; secured with PolicyKit. Any process can talk to
+ the AgentManager API, but only NetworkManager can talk
+ to the agents themselves. -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.AgentManager"/>
- <!-- Root-only functions -->
+ <!-- Root-only functions -->
<deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"
send_member="SetLogging"/>
@@ -139,7 +141,7 @@
<deny send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
</policy>
- <limit name="max_replies_per_connection">1024</limit>
- <limit name="max_match_rules_per_connection">2048</limit>
+ <limit name="max_replies_per_connection">1024</limit>
+ <limit name="max_match_rules_per_connection">2048</limit>
</busconfig>