diff options
author | Jan-Michael Brummer <jan.brummer@tabos.org> | 2023-03-27 16:09:19 +0200 |
---|---|---|
committer | Jan-Michael Brummer <jan.brummer@tabos.org> | 2023-03-27 16:31:58 +0200 |
commit | cc1140f1d17aafe4f6ed702b2ff23f1b1341f7c1 (patch) | |
tree | e44bb2822589ec8604b667a6e1378967b2a86823 | |
parent | 15927df7c3d4eca3bc8ae9f0fa59343752b75b08 (diff) | |
download | libproxy-git-cc1140f1d17aafe4f6ed702b2ff23f1b1341f7c1.tar.gz |
Set dbus bus owner in config file (#110)
-rw-r--r-- | src/backend/dbus/meson.build | 20 | ||||
-rw-r--r-- | src/backend/dbus/org.libproxy.proxy.conf.in (renamed from src/backend/dbus/org.libproxy.proxy.conf) | 11 |
2 files changed, 25 insertions, 6 deletions
diff --git a/src/backend/dbus/meson.build b/src/backend/dbus/meson.build index 250a105..107e401 100644 --- a/src/backend/dbus/meson.build +++ b/src/backend/dbus/meson.build @@ -6,7 +6,6 @@ if build_dbus dbus_interfaces_dir = join_paths(dbus_data_dir, 'interfaces') dbus_user_services_dir = join_paths(dbus_data_dir, 'services') dbus_system_services_dir = join_paths(dbus_data_dir, 'system-services') - dbus_user_conf_dir = join_paths(dbus_data_dir, 'session.d') dbus_system_conf_dir = join_paths(dbus_data_dir, 'system.d') px_interface = [ @@ -62,13 +61,13 @@ if build_dbus # D-Bus User Service user_service_data = configuration_data() user_service_data.set('LIBEXECDIR', join_paths(px_prefix, get_option('libexecdir'))) - dbus_user_service = configure_file( + configure_file( input: 'org.libproxy.proxy.service.in', output: 'org.libproxy.proxy.service', - configuration: user_service_data + configuration: user_service_data, + install: true, + install_dir: dbus_user_services_dir ) - install_data(dbus_user_service, install_dir : dbus_user_services_dir) - install_data('org.libproxy.proxy.conf', install_dir : dbus_user_conf_dir) # D-Bus System Service system_service_data = configuration_data() @@ -80,5 +79,14 @@ if build_dbus configuration: system_service_data ) install_data(dbus_system_service, rename : 'org.libproxy.proxy.service', install_dir : dbus_system_services_dir) - install_data('org.libproxy.proxy.conf', install_dir : dbus_system_conf_dir) + + dbus_config_data = configuration_data() + dbus_config_data.set('daemon_user', get_option('dbus-system-user')) + configure_file( + input: 'org.libproxy.proxy.conf.in', + output: 'org.libproxy.proxy.conf', + configuration: dbus_config_data, + install: true, + install_dir: dbus_system_conf_dir + ) endif diff --git a/src/backend/dbus/org.libproxy.proxy.conf b/src/backend/dbus/org.libproxy.proxy.conf.in index f9232a1..7116729 100644 --- a/src/backend/dbus/org.libproxy.proxy.conf +++ b/src/backend/dbus/org.libproxy.proxy.conf.in @@ -2,9 +2,20 @@ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> + + <!-- This configuration file specifies the required security policies + for the libproxy to work. --> + + <!-- Only user root or user @daemon_user@ can own the libproxy service --> <policy user="root"> <allow own="org.libproxy.proxy"/> </policy> + + <policy user="@daemon_user@"> + <allow own="org.libproxy.proxy"/> + </policy> + + <!-- Allow anyone to call into the service - we'll reject callers using PolicyKit --> <policy context="default"> <allow send_destination="org.libproxy.proxy" send_interface="org.freedesktop.DBus.Introspectable"/> |