IFP: Restrict destination

> sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Domains"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Users"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Groups"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Cache"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > sssd-dbus.x86_64: E: dbus-policy-allow-without-destination <allow send_interface="org.freedesktop.sssd.infopipe.Components"/> /usr/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf > 'allow' directives must always specify a 'send_destination'. Signed-off-by: Samuel Cabrero <[email protected]>
SSSD · Jan 22, 2025 · dfd4122 · dfd4122
1 parent d223213
commit dfd4122
Showing 1 changed file with 20 additions and 10 deletions.
diff --git a/src/responder/ifp/org.freedesktop.sssd.infopipe.conf.in b/src/responder/ifp/org.freedesktop.sssd.infopipe.conf.in
@@ -28,19 +28,29 @@
            send_interface="org.freedesktop.DBus.Properties"
            send_member="Set"/>
 
-    <allow send_interface="org.freedesktop.sssd.infopipe"/>
-    <allow send_interface="org.freedesktop.sssd.infopipe.Domains"/>
-    <allow send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/>
-    <allow send_interface="org.freedesktop.sssd.infopipe.Users"/>
-    <allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/>
-    <allow send_interface="org.freedesktop.sssd.infopipe.Groups"/>
-    <allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/>
-    <allow send_interface="org.freedesktop.sssd.infopipe.Cache"/>
-    <allow send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe.Domains"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe.Domains.Domain"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe.Users"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe.Users.User"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe.Groups"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe.Cache"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe.Cache.Object"/>
   </policy>
 
   <policy user="root">
-    <allow send_interface="org.freedesktop.sssd.infopipe.Components"/>
+    <allow send_destination="org.freedesktop.sssd.infopipe"
+           send_interface="org.freedesktop.sssd.infopipe.Components"/>
   </policy>
 
 </busconfig>