severity 510633 normal tags 510633 + patch thanks powersaved doesn't actually implement introspection, so bug #510633 isn't a regression. Please test powersaved with the new dbus package - I suspect it'll work fine.
In fact, in a way rejecting the introspection messages is better, since
it means introspection will fail immediately, rather than after 25
seconds... I'll file a separate bug about that.
The attached patch is untested, but I think it provides a fairly sensible
policy. It applies after all the current Debian patches.
Simon
diff --git a/config_files/dbus_powersave.conf b/config_files/dbus_powersave.conf
index 358f45f..682a39c 100644
--- a/config_files/dbus_powersave.conf
+++ b/config_files/dbus_powersave.conf
@@ -11,38 +11,54 @@
<deny own="com.novell.powersave.scripts"/>
<deny own="org.freedesktop.Policy.Power"/>
- <deny send_interface="com.novell.powersave"/>
- <deny send_interface="com.novell.powersave.scripts"/>
-
- <deny receive_interface="com.novell.powersave"/>
- <deny receive_interface="com.novell.powersave.scripts"/>
+ <deny send_destination="com.novell.powersave"/>
+ <deny receive_sender="com.novell.powersave"/>
</policy>
<!-- Only root is allowed to own the powersave service -->
<policy user="root">
<allow own="com.novell.powersave"/>
+ <!-- doesn't actually seem to be used:
<allow own="com.novell.powersave.scripts"/>
+ -->
<allow own="org.freedesktop.Policy.Power"/>
- <allow send_interface="com.novell.powersave"/>
- <allow send_interface="com.novell.powersave.scripts"/>
+ <!-- should be allowed when the code supports it, but until then
+ it's actually better that it's denied - then at least callers will get an
+ error back!
+ <allow send_destination="com.novell.powersave"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ -->
+ <allow send_destination="com.novell.powersave"
+ send_interface="com.novell.powersave"/>
+ <allow send_destination="com.novell.powersave"
+ send_interface="com.novell.powersave.scripts"/>
- <allow receive_interface="com.novell.powersave"/>
- <allow receive_interface="com.novell.powersave.scripts"/>
+ <allow receive_sender="com.novell.powersave"/>
</policy>
<!-- Allow desktop users to connect -->
<policy at_console="true">
- <allow send_interface="com.novell.powersave"/>
+ <!-- should be allowed when the code supports it:
+ <allow send_destination="com.novell.powersave"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ -->
+ <allow send_destination="com.novell.powersave"
+ send_interface="com.novell.powersave"/>
<allow own="org.freedesktop.Policy.Power"/>
- <allow receive_interface="com.novell.powersave"/>
+ <allow receive_sender="com.novell.powersave"/>
</policy>
<policy group="powerdev">
- <allow send_interface="com.novell.powersave"/>
+ <!-- should be allowed when the code supports it:
+ <allow send_destination="com.novell.powersave"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ -->
+ <allow send_destination="com.novell.powersave"
+ send_interface="com.novell.powersave"/>
<allow own="org.freedesktop.Policy.Power"/>
- <allow receive_interface="com.novell.powersave"/>
+ <allow receive_sender="com.novell.powersave"/>
</policy>
</busconfig>
signature.asc
Description: Digital signature
