Opened 8 years ago
Last modified 8 years ago
#1200 new enhancement/feature request
Missing config file for using the system D-Bus
Reported by: | tuxmaster | Owned by: | cp15 |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | dbus | Version: | git master |
Severity: | normal | Keywords: | |
Cc: |
Description
Hello, when using the system bus as an alternative to the session bus, then an special configure file will be needed for security reasons. It must be placed under /etc/dbus-1/system.d/.
I have attached it for review.
Attachments (1)
Change History (6)
Changed 8 years ago by tuxmaster
comment:1 Changed 8 years ago by usul
Thanks for your submission. I'm not sure if I understood what this is all about, can you please give us a bit more information?
comment:2 Changed 8 years ago by tuxmaster
Yes of course, when navit is build to run on the system d-bus (witch was default at me without modify any cmake options) all access to it written here(http://wiki.navit-project.org/index.php/Dbus) are rejected. This will happened, because all access on the system d-bus are restricted. Only the session d-bus are relative relax. So you must provide an access rule file like this in my attachment for the system d-bus to get navit run.
comment:3 Changed 8 years ago by tryagain
Hi!
Wouldn't it be better to switch our default to use session dbus?
I'm not familiar with dbus, but word 'system' turns my paranoid mode on. It could be a security risk to allow other users in system control navit by default.
Also, all examples on wiki seem to connect to session dbus.
tryagain.
comment:4 Changed 8 years ago by tuxmaster
Hello, I think is some more complex. As I know sessions bus is limit to the current user, so that only the user owned the process can used the dbus for navit. When it shut work above user boarders then the system bus is needed. Here must be defined which function can be called by which user/group.
comment:5 Changed 8 years ago by sleske
I have not looked deeply into this issue either, but I tend to agree with tryagain.
Using the system DBus, and modifying system-wide configuration seems dangerous and unnecessary. I do not see the need to control Navit from a user different from the one it is running under. So the default should probably be switched to use session DBus.
The D-Bus configurstion file