mirror of
https://gitlab.steamos.cloud/holo/steamos-manager.git
synced 2025-07-18 20:26:39 -04:00
manager: Lock down the communication between the daemons
This is done by starting an additional dbus daemon on a private socket, then passing an fd handle to the user process. Requesting a handle is validated to ensure that the caller is the user daemon, otherwise it returns an error.
This commit is contained in:
Vicki Pfau
parent
194646b8f1
commit
79cd65747d
8 changed files with 216 additions and 27 deletions
18
data/root-dbus.conf
Normal file
18
data/root-dbus.conf
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
<type>session</type>
|
||||
<keep_umask/>
|
||||
<listen>unix:tmpdir=/var/run/steamos-manager</listen>
|
||||
<auth>EXTERNAL</auth>
|
||||
<auth>ANONYMOUS</auth>
|
||||
<allow_anonymous/>
|
||||
<policy context="default">
|
||||
<allow send_destination="*" eavesdrop="true"/>
|
||||
<allow eavesdrop="true"/>
|
||||
<deny own="*"/>
|
||||
</policy>
|
||||
<policy user="root">
|
||||
<allow own="*"/>
|
||||
</policy>
|
||||
</busconfig>
|
||||
Loading…
Add table
Add a link
Reference in a new issue