send_interface="org.freedesktop.NetworkManager.PPP"/>
<allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
-
- <!-- Allow NM to talk to known VPN plugins; due to a bug in
- the D-Bus daemon, when a plugin is installed and the user
- immediately tries to use it, the VPN plugin's rules aren't
- always loaded into dbus-daemon. Those rules allow NM to
- talk to the plugin. Oops. Work around that by explicitly
- allowing NM to talk to VPN plugins here.
+ <!-- These are there because some broken policies do
+ <deny send_interface="..." /> (see dbus-daemon(8) for details).
+ This seems to override that for the known VPN plugins.
-->
<allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
<allow send_destination="org.freedesktop.NetworkManager.openswan"/>
<allow send_destination="org.freedesktop.NetworkManager.libreswan"/>
<allow send_destination="org.freedesktop.NetworkManager.fortisslvpn"/>
<allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
+ <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
+
+ <!-- Allow the custom name for the dnsmasq instance spawned by NM
+ from the dns dnsmasq plugin to own it's dbus name, and for
+ messages to be sent to it.
+ -->
+ <allow own="org.freedesktop.NetworkManager.dnsmasq"/>
+ <allow send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
</policy>
<policy context="default">
<deny own="org.freedesktop.NetworkManager"/>
send_interface="org.freedesktop.DBus.Introspectable"/>
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.DBus.ObjectManager"/>
<!-- Devices (read-only properties, no methods) -->
<allow send_destination="org.freedesktop.NetworkManager"
to the agents themselves. -->
<allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.AgentManager"/>
- <deny send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
<!-- Root-only functions -->
- <deny send_interface="org.freedesktop.NetworkManager" send_member="SetLogging"/>
- <deny send_interface="org.freedesktop.NetworkManager" send_member="Sleep"/>
- <deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="LoadConnections"/>
- <deny send_interface="org.freedesktop.NetworkManager.Settings" send_member="ReloadConnections"/>
- <deny send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
- <deny send_interface="org.freedesktop.NetworkManager.PPP"/>
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="SetLogging"/>
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager"
+ send_member="Sleep"/>
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Settings"
+ send_member="LoadConnections"/>
+ <deny send_destination="org.freedesktop.NetworkManager"
+ send_interface="org.freedesktop.NetworkManager.Settings"
+ send_member="ReloadConnections"/>
+
+ <deny own="org.freedesktop.NetworkManager.dnsmasq"/>
+ <deny send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
</policy>
<limit name="max_replies_per_connection">1024</limit>
+ <limit name="max_match_rules_per_connection">2048</limit>
</busconfig>
projects / config / bruni / etc.git / commitdiff