dbus: fix policy to not be overly broad
The DBus policy did not restrict the message destination, allowing any
user to inspect and manipulate any property.

Signed-off-by: Vincent Bernat <vincent@bernat.ch>
vincentbernat committed Nov 23, 2021
1 parent d576010 commit 7977fec
Showing 1 changed file with 8 additions and 5 deletions.
13 changes: 8 additions & 5 deletions keepalived/dbus/org.keepalived.Vrrp1.conf
Expand Up @@ -3,12 +3,15 @@
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="org.keepalived.Vrrp1"/>
<allow send_destination="org.keepalived.Vrrp1"/>
<allow own="org.keepalived.Vrrp1" />
<allow send_destination="org.keepalived.Vrrp1" />
</policy>
<policy context="default">
<allow send_interface="org.freedesktop.DBus.Introspectable" />
<allow send_interface="org.freedesktop.DBus.Peer" />
<allow send_interface="org.freedesktop.DBus.Properties" />
<allow send_destination="org.keepalived.Vrrp1"
send_interface="org.freedesktop.DBus.Introspectable" />
<allow send_destination="org.keepalived.Vrrp1"
send_interface="org.freedesktop.DBus.Peer" />
<allow send_destination="org.keepalived.Vrrp1"
send_interface="org.freedesktop.DBus.Properties" />
</policy>
</busconfig>
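
Review bot: In the `context="default"` policy, the rule for `send_interface="org.freedesktop.DBus.Properties"` has no `send_member`, so it still lets any local user call `Set` as well as `Get` and `GetAll` on `org.keepalived.Vrrp1`. The added `send_destination` stops the rule from applying to other services, but if unprivileged users only need to read keepalived's properties, consider splitting this into two rules with `send_member="Get"` and `send_member="GetAll"`, leaving `Set` to the `user="root"` policy. Otherwise, state in the commit message or a comment in the file that the exported properties are read-only on the service side. A short XML comment above the default policy explaining why each rule is pinned to this destination would also help keep a later edit from reintroducing a destination-less `send_interface` allow.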
