Commit 7d1f7257 authored by Thomas Haller's avatar Thomas Haller

firewall: merge branch 'th/firewall-dbus-policy-rh1436770'

https://bugzilla.redhat.com/show_bug.cgi?id=1436770
parents ec3a9c06 cc1d409b
...@@ -263,14 +263,16 @@ _handle_dbus (GObject *proxy, GAsyncResult *result, gpointer user_data) ...@@ -263,14 +263,16 @@ _handle_dbus (GObject *proxy, GAsyncResult *result, gpointer user_data)
non_error = "UNKNOWN_INTERFACE"; non_error = "UNKNOWN_INTERFACE";
break; break;
} }
if (!g_strcmp0 (error->message, non_error)) { if ( error->message
&& non_error
&& g_str_has_prefix (error->message, non_error)
&& NM_IN_SET (error->message[strlen (non_error)], '\0', ':')) {
_LOGD (info, "complete: request failed with a non-error (%s)", error->message); _LOGD (info, "complete: request failed with a non-error (%s)", error->message);
/* The operation failed with an error reason that we don't want /* The operation failed with an error reason that we don't want
* to propagate. Instead, signal success. */ * to propagate. Instead, signal success. */
g_clear_error (&error); g_clear_error (&error);
} } else
else
_LOGW (info, "complete: request failed (%s)", error->message); _LOGW (info, "complete: request failed (%s)", error->message);
} else } else
_LOGD (info, "complete: success"); _LOGD (info, "complete: success");
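Review bot: The `else` branch still passes `error->message` straight to `%s` in `_LOGW`, although the new condition tests `error->message` for NULL and so treats NULL as a possible value. If it can be NULL here, the warning path formats a NULL string; either drop the NULL test or guard the argument, e.g. `_LOGW (info, "complete: request failed (%s)", error->message ? error->message : "(no message)");`. The prefix match also widens the set of firewall failures that are reported as success and logged only at debug level. A short comment above the condition saying that `NAME` and `NAME: detail` are both accepted would make that intent explicit. `_handle_dbus` starts and ends outside the hunk.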
......
...@@ -11,8 +11,8 @@ ...@@ -11,8 +11,8 @@
<allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/> <allow send_interface="org.freedesktop.NetworkManager.SecretAgent"/>
<!-- These are there because some broken policies do <!-- These are there because some broken policies do
<deny send_interface="..." /> (see dbus-daemon(8) for details). <deny send_interface="..." /> (see dbus-daemon(8) for details).
This seems to override that for the known VPN plugins. This seems to override that for the known VPN plugins.
--> -->
<allow send_destination="org.freedesktop.NetworkManager.openconnect"/> <allow send_destination="org.freedesktop.NetworkManager.openconnect"/>
<allow send_destination="org.freedesktop.NetworkManager.openswan"/> <allow send_destination="org.freedesktop.NetworkManager.openswan"/>
...@@ -27,6 +27,8 @@ ...@@ -27,6 +27,8 @@
<allow send_destination="org.freedesktop.NetworkManager.strongswan"/> <allow send_destination="org.freedesktop.NetworkManager.strongswan"/>
<allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/> <allow send_interface="org.freedesktop.NetworkManager.VPN.Plugin"/>
<allow send_destination="org.fedoraproject.FirewallD1"/>
<!-- Allow the custom name for the dnsmasq instance spawned by NM <!-- Allow the custom name for the dnsmasq instance spawned by NM
from the dns dnsmasq plugin to own it's dbus name, and for from the dns dnsmasq plugin to own it's dbus name, and for
messages to be sent to it. messages to be sent to it.
...@@ -39,7 +41,7 @@ ...@@ -39,7 +41,7 @@
<deny send_destination="org.freedesktop.NetworkManager"/> <deny send_destination="org.freedesktop.NetworkManager"/>
<!-- Basic D-Bus API stuff --> <!-- Basic D-Bus API stuff -->
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.DBus.Introspectable"/> send_interface="org.freedesktop.DBus.Introspectable"/>
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
...@@ -47,7 +49,7 @@ ...@@ -47,7 +49,7 @@
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.DBus.ObjectManager"/> send_interface="org.freedesktop.DBus.ObjectManager"/>
<!-- Devices (read-only properties, no methods) --> <!-- Devices (read-only properties, no methods) -->
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Adsl"/> send_interface="org.freedesktop.NetworkManager.Device.Adsl"/>
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
...@@ -83,17 +85,17 @@ ...@@ -83,17 +85,17 @@
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.AccessPoint"/> send_interface="org.freedesktop.NetworkManager.AccessPoint"/>
<!-- Devices (read-only, no security required) --> <!-- Devices (read-only, no security required) -->
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.WiMax"/> send_interface="org.freedesktop.NetworkManager.Device.WiMax"/>
<!-- Devices (read/write, secured with PolicyKit) --> <!-- Devices (read/write, secured with PolicyKit) -->
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device.Wireless"/> send_interface="org.freedesktop.NetworkManager.Device.Wireless"/>
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Device"/> send_interface="org.freedesktop.NetworkManager.Device"/>
<!-- Core stuff (read-only properties, no methods) --> <!-- Core stuff (read-only properties, no methods) -->
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Connection.Active"/> send_interface="org.freedesktop.NetworkManager.Connection.Active"/>
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
...@@ -107,7 +109,7 @@ ...@@ -107,7 +109,7 @@
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.VPN.Connection"/> send_interface="org.freedesktop.NetworkManager.VPN.Connection"/>
<!-- Core stuff (read/write, secured with PolicyKit) --> <!-- Core stuff (read/write, secured with PolicyKit) -->
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager"/> send_interface="org.freedesktop.NetworkManager"/>
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
...@@ -115,13 +117,13 @@ ...@@ -115,13 +117,13 @@
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.Settings.Connection"/> send_interface="org.freedesktop.NetworkManager.Settings.Connection"/>
<!-- Agents; secured with PolicyKit. Any process can talk to <!-- Agents; secured with PolicyKit. Any process can talk to
the AgentManager API, but only NetworkManager can talk the AgentManager API, but only NetworkManager can talk
to the agents themselves. --> to the agents themselves. -->
<allow send_destination="org.freedesktop.NetworkManager" <allow send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager.AgentManager"/> send_interface="org.freedesktop.NetworkManager.AgentManager"/>
<!-- Root-only functions --> <!-- Root-only functions -->
<deny send_destination="org.freedesktop.NetworkManager" <deny send_destination="org.freedesktop.NetworkManager"
send_interface="org.freedesktop.NetworkManager" send_interface="org.freedesktop.NetworkManager"
send_member="SetLogging"/> send_member="SetLogging"/>
...@@ -139,7 +141,7 @@ ...@@ -139,7 +141,7 @@
<deny send_destination="org.freedesktop.NetworkManager.dnsmasq"/> <deny send_destination="org.freedesktop.NetworkManager.dnsmasq"/>
</policy> </policy>
<limit name="max_replies_per_connection">1024</limit> <limit name="max_replies_per_connection">1024</limit>
<limit name="max_match_rules_per_connection">2048</limit> <limit name="max_match_rules_per_connection">2048</limit>
</busconfig> </busconfig>
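Review bot: The added `<allow send_destination="org.fedoraproject.FirewallD1"/>` in the `-27,6 +27,8` hunk has no comment and no `send_interface` restriction, so it permits any message to firewalld from whichever `<policy>` context it sits in. That `<policy>` element opens outside the visible hunks; if it is the root-user policy the scope is reasonable, but it is worth confirming it is not the default context. I would add a comment above the rule, for example `<!-- Allow NM to send to firewalld; see https://bugzilla.redhat.com/show_bug.cgi?id=1436770 -->`, worded to match what the bug establishes. The other hunks in this file appear to change whitespace only, which makes the one functional rule easy to miss in review.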