org.freedesktop.sssd.infopipe.conf revision 8fe171bf5a7a570591418e6548105f1d5a0097b3
967e5f3c25249c779575864692935627004d3f9eChristian Maeder<?xml version="1.0"?> <!--*-nxml-*-->
967e5f3c25249c779575864692935627004d3f9eChristian Maeder<!DOCTYPE busconfig PUBLIC
967e5f3c25249c779575864692935627004d3f9eChristian Maeder "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
967e5f3c25249c779575864692935627004d3f9eChristian Maeder "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
967e5f3c25249c779575864692935627004d3f9eChristian Maeder<busconfig>
967e5f3c25249c779575864692935627004d3f9eChristian Maeder
967e5f3c25249c779575864692935627004d3f9eChristian Maeder <!-- This configuration file specifies the required security policies
62599a910de0701b0f9461e534a43d5900131c55Christian Maeder for the SSSD InfoPipe to work. -->
967e5f3c25249c779575864692935627004d3f9eChristian Maeder
967e5f3c25249c779575864692935627004d3f9eChristian Maeder <!-- Only root can own (provide) the SSSD service -->
967e5f3c25249c779575864692935627004d3f9eChristian Maeder <policy user="root">
967e5f3c25249c779575864692935627004d3f9eChristian Maeder <allow own="org.freedesktop.sssd.infopipe"/>
967e5f3c25249c779575864692935627004d3f9eChristian Maeder </policy>
967e5f3c25249c779575864692935627004d3f9eChristian Maeder
967e5f3c25249c779575864692935627004d3f9eChristian Maeder <!-- Allow all methods on the interface -->
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <!-- Right now, this will be handled by a limited ACL
967e5f3c25249c779575864692935627004d3f9eChristian Maeder within the InfoPipe Daemon. -->
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <policy context="default">
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <allow send_destination="org.freedesktop.sssd.infopipe"
967e5f3c25249c779575864692935627004d3f9eChristian Maeder send_interface="org.freedesktop.DBus.Introspectable"/>
62599a910de0701b0f9461e534a43d5900131c55Christian Maeder
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <allow send_destination="org.freedesktop.sssd.infopipe"
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder send_interface="org.freedesktop.DBus.Properties"
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder send_member="GetAll"/>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <allow send_destination="org.freedesktop.sssd.infopipe"
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder send_interface="org.freedesktop.DBus.Properties"
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder send_member="Get"/>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <allow send_destination="org.freedesktop.sssd.infopipe"
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder send_interface="org.freedesktop.DBus.Properties"
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder send_member="Set"/>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <allow send_interface="org.freedesktop.sssd.infopipe"/>
62599a910de0701b0f9461e534a43d5900131c55Christian Maeder <allow send_interface="org.freedesktop.sssd.infopipe.Users"/>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <allow send_interface="org.freedesktop.sssd.infopipe.Users.User"/>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <allow send_interface="org.freedesktop.sssd.infopipe.Groups"/>
62599a910de0701b0f9461e534a43d5900131c55Christian Maeder <allow send_interface="org.freedesktop.sssd.infopipe.Groups.Group"/>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder </policy>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <policy user="root">
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder <allow send_interface="org.freedesktop.sssd.infopipe.Components"/>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder </policy>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder</busconfig>
fd896e2068ad7e50aed66ac18c3720ea7ff2619fChristian Maeder