Re: [PATCH] dbus: remove deprecated at_console statement


 



> From: Tom Gundersen <teg@xxxxxxx>
>
> As described in [0], this likely did not have the intended effect, so
> simply remove it. The change in behavior is that up until this patch
> it would be possible for any non-system user to potentially gain access
> to selinux' dbus interface. Now this is extended to also allow any
> system user.
>
> As the comment indicates, PolicyKit is used to enforce access, so this
> should be perfectly harmless.
>
> [0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>
>
> Signed-off-by: Tom Gundersen <teg@xxxxxxx>
> CC: David Herrmann <dh.herrmann@xxxxxxxxx>

Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx>

> ---
>
> This patch is from PR 113 - https://github.com/SELinuxProject/selinux/pull/113
>
>  dbus/org.selinux.conf | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/dbus/org.selinux.conf b/dbus/org.selinux.conf
> index a3509781..1ae079d2 100644
> --- a/dbus/org.selinux.conf
> +++ b/dbus/org.selinux.conf
> @@ -12,12 +12,8 @@
>  
>    <!-- Allow anyone to invoke methods on the interfaces,
>         authorization is performed by PolicyKit -->
> -  <policy at_console="true">
> -    <allow send_destination="org.selinux"/>
> -  </policy>
>    <policy context="default">
> -    <allow send_destination="org.selinux"
> -	   send_interface="org.freedesktop.DBus.Introspectable"/>
> +    <allow send_destination="org.selinux"/>
>    </policy>
>  
>  </busconfig>
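
Review bot: in the context="default" policy, dropping the send_interface="org.freedesktop.DBus.Introspectable" restriction means the bus configuration no longer filters callers or interfaces for org.selinux at all, so the PolicyKit check inside the service becomes the only access control. The diff does not show that every method exported on org.selinux performs that check, so the commit message should state that this was verified rather than describing the change as "perfectly harmless". It would also help to extend the retained comment above the policy to say that the bus policy is intentionally open and that any new method added to the service must do its own PolicyKit authorization.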


