author | Simon McVittie <smcv@collabora.com> | 2017-07-19 17:56:38 +0100 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2017-07-28 11:36:51 +0100 |
commit | b22bdc39fd28e1461c337edd6a717fadfb3647b8 (patch) | |
tree | 87ea4ef8c4ef4cb86416afb8138786e490cf82b2 /doc | |
parent | f876edd342b87815a55baf65fa7c2fe2aad5e92e (diff) | |
policy: Add max_fds, min_fds qualifiers for send, receive rules
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101848
Reviewed-by: Thiago Macieira <thiago@kde.org>
[smcv: Revert an incorrect comment change]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/dbus-daemon.1.xml.in | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/dbus-daemon.1.xml.in b/doc/dbus-daemon.1.xml.in index 067fdcd5..b029232d 100644 --- a/doc/dbus-daemon.1.xml.in +++ b/doc/dbus-daemon.1.xml.in @@ -906,6 +906,13 @@ rules in the config file allow it).</para> recipient, and any broadcast message). </para> +<para> + The <literal>eavesdrop</literal>, <literal>min_fds</literal> and + <literal>max_fds</literal> attributes are modifiers that can be applied + to either <literal>send_</literal>* or <literal>receive_</literal>* + rules, and are documented below. +</para> + <para>send_destination and receive_sender rules mean that messages may not be sent to or received from the *owner* of the given name, not that they may not be sent *to that name*. That is, if a connection @@ -969,6 +976,19 @@ the rule matches only when the reply was not requested. [send|receive]_requested_reply="true" indicates that the rule applies always, regardless of pending reply state.</para> +<para> + The <literal>min_fds</literal> and <literal>max_fds</literal> attributes + modify either <literal>send_</literal>* or <literal>receive_</literal>* + rules. A rule with the <literal>min_fds</literal> attribute only matches + messages if they have at least that many Unix file descriptors attached. + Conversely, a rule with the <literal>max_fds</literal> attribute only + matches messages if they have no more than that many file descriptors + attached. In practice, rules with these attributes will most commonly + take the form + <literal><allow send_destination="…" max_fds="0"/></literal>, + <literal><deny send_destination="…" min_fds="1"/></literal> or + <literal><deny receive_sender="*" min_fds="1"/></literal>. +</para> <para> Rules with the <literal>user</literal> or <literal>group</literal> |
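Review bot: In the hunk at @@ -906,6 +906,13 @@, the new paragraph calls eavesdrop, min_fds and max_fds "modifiers" without saying what a modifier does to a rule, and "documented below" gives the reader nothing to look for. Say here that each one is an extra match condition that narrows the send_* or receive_* rule it is attached to, so the summary is usable without the later paragraph. As a style point, the asterisk sits outside the markup in <literal>send_</literal>* and <literal>receive_</literal>*, whereas the unchanged context in the following hunk writes [send|receive]_requested_reply; use one notation for the rule families throughout the page.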
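Review bot: In the hunk at @@ -969,6 +976,19 @@, the text says a rule with max_fds "only matches messages if they have no more than that many file descriptors attached", but it does not spell out the consequence for the first listed form, <allow send_destination="…" max_fds="0"/>: a message that carries file descriptors is not denied by that rule, it simply does not match it and is decided by whichever other rule does. An administrator who reads the allow form as a ban on fd passing will end up with a weaker policy than intended, so add a sentence stating this and pointing to the deny … min_fds="1" forms as the way to reject such messages outright. The paragraph should also state what happens when both attributes appear on one rule and what applies when neither is given, and use "Unix file descriptors" consistently rather than switching to "file descriptors" in the second sentence.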