It does more than intended; apart from denying messages to that particular interface it also denies all messages non-qualified with an interface globally. This blocks messages completely unrelated to wpa_supplicant, such as NetworkManager communication with the VPN plugins. >From the dbus-daemon manual: Be careful with send_interface/receive_interface, because the interface field in messages is optional. In particular, do NOT specify <deny send_interface="org.foo.Bar"/>! This will cause no-interface messages to be blocked for all services, which is almost certainly not what you intended. Always use rules of the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/> We can just safely remove those rules, since we're sufficiently protected by the send_destination matches and method calls are disallowed by default anyway. Signed-off-by: Lubomir Rintel <lkundrak@xxxxx> --- Clarified the commit message a bit compared to the previous posting. wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf index c091234..382dcb3 100644 --- a/wpa_supplicant/dbus/dbus-wpa_supplicant.conf +++ b/wpa_supplicant/dbus/dbus-wpa_supplicant.conf @@ -17,11 +17,9 @@ <policy context="default"> <deny own="fi.epitest.hostap.WPASupplicant"/> <deny send_destination="fi.epitest.hostap.WPASupplicant"/> - <deny send_interface="fi.epitest.hostap.WPASupplicant"/> <deny own="fi.w1.wpa_supplicant1"/> <deny send_destination="fi.w1.wpa_supplicant1"/> - <deny send_interface="fi.w1.wpa_supplicant1"/> <deny receive_sender="fi.w1.wpa_supplicant1" receive_type="signal"/> </policy> </busconfig> -- 2.5.0 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap