126 lines
5.2 KiB
Text
126 lines
5.2 KiB
Text
<!-- This configuration file controls Anaconda's special session message bus.
|
|
It is based on the /usr/share/dbus-1/session.conf file.
|
|
|
|
Author(s): Jiri Konecny <jkonecny@redhat.com
|
|
-->
|
|
|
|
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
|
|
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
|
<busconfig>
|
|
<!-- Anaconda's special dbus session -->
|
|
<type>org.fedoraproject.Anaconda</type>
|
|
|
|
<!-- If we fork, keep the user's original umask to avoid affecting
|
|
the behavior of child processes. -->
|
|
<keep_umask/>
|
|
|
|
<listen>unix:tmpdir=/tmp</listen>
|
|
|
|
<!-- On Unix systems, the most secure authentication mechanism is
|
|
EXTERNAL, which uses credential-passing over Unix sockets.
|
|
|
|
Is not suitable for use with the tcp: or nonce-tcp: transports,
|
|
and will not work on obscure flavours of Unix that do not have
|
|
a supported credentials-passing mechanism. On those platforms/transports,
|
|
comment out the <auth> element to allow fallback to DBUS_COOKIE_SHA1. -->
|
|
<auth>EXTERNAL</auth>
|
|
|
|
<servicedir>services</servicedir>
|
|
|
|
<policy context="default">
|
|
<!-- All users can connect to system bus -->
|
|
<allow user="*"/>
|
|
|
|
<!-- Holes must be punched in service configuration files for
|
|
name ownership and sending method calls -->
|
|
<deny own="*"/>
|
|
<deny send_type="method_call"/>
|
|
|
|
<!-- Signals and reply messages (method returns, errors) are allowed
|
|
by default -->
|
|
<allow send_type="signal"/>
|
|
<allow send_requested_reply="true" send_type="method_return"/>
|
|
<allow send_requested_reply="true" send_type="error"/>
|
|
|
|
<!-- All messages may be received by default -->
|
|
<allow receive_type="method_call"/>
|
|
<allow receive_type="method_return"/>
|
|
<allow receive_type="error"/>
|
|
<allow receive_type="signal"/>
|
|
|
|
<!-- Allow anyone to talk to the message bus -->
|
|
<allow send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.DBus" />
|
|
<allow send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.DBus.Introspectable"/>
|
|
<allow send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.DBus.Properties"/>
|
|
<!-- But disallow some specific bus services -->
|
|
<deny send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.DBus"
|
|
send_member="UpdateActivationEnvironment"/>
|
|
<deny send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.DBus.Debug.Stats"/>
|
|
<deny send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.systemd1.Activator"/>
|
|
</policy>
|
|
|
|
<!-- Only systemd, which runs as root, may report activation failures. -->
|
|
<policy user="root">
|
|
<allow send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.systemd1.Activator"/>
|
|
</policy>
|
|
|
|
<!-- Only root can update ActivationEnvironment -->
|
|
<policy user="root">
|
|
<allow send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.DBus"
|
|
send_member="UpdateActivationEnvironment"/>
|
|
</policy>
|
|
|
|
<!-- root may monitor the system bus. -->
|
|
<policy user="root">
|
|
<allow send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.DBus.Monitoring"/>
|
|
</policy>
|
|
|
|
<!-- If the Stats interface was enabled at compile-time, root may use it. -->
|
|
<policy user="root">
|
|
<allow send_destination="org.freedesktop.DBus"
|
|
send_interface="org.freedesktop.DBus.Debug.Stats"/>
|
|
</policy>
|
|
|
|
<!-- Config files are placed here that among other things,
|
|
further restrict the above policy for specific services. -->
|
|
<includedir>confs</includedir>
|
|
|
|
<include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
|
|
|
|
<!-- For the session bus, override the default relatively-low limits
|
|
with essentially infinite limits, since the bus is just running
|
|
as the user anyway, using up bus resources is not something we need
|
|
to worry about. In some cases, we do set the limits lower than
|
|
"all available memory" if exceeding the limit is almost certainly a bug,
|
|
having the bus enforce a limit is nicer than a huge memory leak. But the
|
|
intent is that these limits should never be hit. -->
|
|
|
|
<!-- the memory limits are 1G instead of say 4G because they can't exceed 32-bit signed int max -->
|
|
<limit name="max_incoming_bytes">1000000000</limit>
|
|
<limit name="max_incoming_unix_fds">250000000</limit>
|
|
<limit name="max_outgoing_bytes">1000000000</limit>
|
|
<limit name="max_outgoing_unix_fds">250000000</limit>
|
|
<limit name="max_message_size">1000000000</limit>
|
|
<!-- We do not override max_message_unix_fds here since the in-kernel
|
|
limit is also relatively low -->
|
|
<limit name="service_start_timeout">600000</limit>
|
|
<limit name="auth_timeout">240000</limit>
|
|
<limit name="pending_fd_timeout">150000</limit>
|
|
<limit name="max_completed_connections">100000</limit>
|
|
<limit name="max_incomplete_connections">10000</limit>
|
|
<limit name="max_connections_per_user">100000</limit>
|
|
<limit name="max_pending_service_starts">10000</limit>
|
|
<limit name="max_names_per_connection">50000</limit>
|
|
<limit name="max_match_rules_per_connection">50000</limit>
|
|
<limit name="max_replies_per_connection">50000</limit>
|
|
|
|
</busconfig>
|