diff options
Diffstat (limited to 'web-gui/login/dbus-session.conf.in')
-rw-r--r-- | web-gui/login/dbus-session.conf.in | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/web-gui/login/dbus-session.conf.in b/web-gui/login/dbus-session.conf.in new file mode 100644 index 0000000..447378c --- /dev/null +++ b/web-gui/login/dbus-session.conf.in @@ -0,0 +1,86 @@ +<!-- This configuration file controls the per-user-login-session message bus. + Add a session-local.conf and edit that rather than changing this + file directly. --> + +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + <!-- Our well-known bus type, don't change this --> + <type>session</type> + + <!-- If we fork, keep the user's original umask to avoid affecting + the behavior of child processes. --> + <keep_umask/> + + <listen>unix:tmpdir=/tmp</listen> + + <standard_session_servicedirs /> + + <policy context="default"> + <!-- Deny everything then punch holes --> + <deny send_interface="*"/> + <deny receive_interface="*"/> + <deny own="*"/> + <allow user="@USER_ROLE@"/> + <allow user="@ADMIN_ROLE@"/> + + <allow send_destination="org.freedesktop.DBus"/> + <allow receive_sender="org.freedesktop.DBus"/> + <!-- allow sending valid replies --> + <allow send_requested_reply="true" send_type="method_return"/> + <allow send_requested_reply="true" send_type="error"/> + <!-- allow receiving valid replies --> + <allow receive_requested_reply="true"/> + </policy> + <policy user="@LIGHTTPD_USER@"> + <allow send_interface="*"/> + <allow receive_interface="*"/> + <!-- Allow everything to be sent --> + <allow send_destination="*" eavesdrop="true"/> + <!-- Allow everything to be received --> + <allow eavesdrop="true"/> + <!-- Allow anyone to own anything --> + <allow own="*"/> + </policy> + + <policy user="@USER_ROLE@"> + <allow send_interface="com.pengutronix.jdb.Hello" send_member="HelloUser" /> + <deny send_interface="com.pengutronix.jdb.Hello" send_member="HelloAdmin" /> + <allow send_interface="com.pengutronix.jdb.Hello" send_member="HelloWorld" /> + </policy> + <policy user="@ADMIN_ROLE@"> + <deny send_interface="com.pengutronix.jdb.Hello" send_member="HelloUser" /> + <allow send_interface="com.pengutronix.jdb.Hello" send_member="HelloAdmin" /> + <allow send_interface="com.pengutronix.jdb.Hello" send_member="HelloWorld" /> + </policy> + + <!-- This is included last so local configuration can override what's + in this standard file --> + <include ignore_missing="yes">session-local.conf</include> + + <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include> + + <!-- For the session bus, override the default relatively-low limits + with essentially infinite limits, since the bus is just running + as the user anyway, using up bus resources is not something we need + to worry about. In some cases, we do set the limits lower than + "all available memory" if exceeding the limit is almost certainly a bug, + having the bus enforce a limit is nicer than a huge memory leak. But the + intent is that these limits should never be hit. --> + + <!-- the memory limits are 1G instead of say 4G because they can't exceed 32-bit signed int max --> + <limit name="max_incoming_bytes">1000000000</limit> + <limit name="max_outgoing_bytes">1000000000</limit> + <limit name="max_message_size">1000000000</limit> + <limit name="service_start_timeout">120000</limit> + <limit name="auth_timeout">240000</limit> + <limit name="max_completed_connections">100000</limit> + <limit name="max_incomplete_connections">10000</limit> + <limit name="max_connections_per_user">100000</limit> + <limit name="max_pending_service_starts">10000</limit> + <limit name="max_names_per_connection">50000</limit> + <limit name="max_match_rules_per_connection">50000</limit> + <limit name="max_replies_per_connection">50000</limit> + <limit name="reply_timeout">300000</limit> + +</busconfig> |