Petr Lautrbach <plautrba@xxxxxxxxxx> writes: >> From: Tom Gundersen <teg@xxxxxxx> >> >> As described in [0], this likely did not have the intended effect, so >> simply remove it. The change in behavior is that up until this patch >> it would be possible for any non-system user to potentially gain access >> to selinux' dbus interface. Now this is extended to also allow any >> system user. >> >> As the comment indicates, PolicyKit is used to enforce access, so this >> should be perfectly harmless. >> >> [0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html> >> >> Signed-off-by: Tom Gundersen <teg@xxxxxxx> >> CC: David Herrmann <dh.herrmann@xxxxxxxxx> > > Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx> Merged. Thanks! >> --- >> >> This patch is from PR 113 - https://github.com/SELinuxProject/selinux/pull/113 >> >> dbus/org.selinux.conf | 6 +----- >> 1 file changed, 1 insertion(+), 5 deletions(-) >> >> diff --git a/dbus/org.selinux.conf b/dbus/org.selinux.conf >> index a3509781..1ae079d2 100644 >> --- a/dbus/org.selinux.conf >> +++ b/dbus/org.selinux.conf >> @@ -12,12 +12,8 @@ >> >> <!-- Allow anyone to invoke methods on the interfaces, >> authorization is performed by PolicyKit --> >> - <policy at_console="true"> >> - <allow send_destination="org.selinux"/> >> - </policy> >> <policy context="default"> >> - <allow send_destination="org.selinux" >> - send_interface="org.freedesktop.DBus.Introspectable"/> >> + <allow send_destination="org.selinux"/> >> </policy> >> >> </busconfig>
