dbus - How to blacklist a D-Bus service? - Ask Ubuntu


how can unprivileged user prevent d-bus service launching? example, /usr/share/dbus-1/services/org.bluez.obex.service started session bus. there doesn't seem way "blacklist" it.

it session bus question refers to. know if possible prevent specific services starting on session bus.

the standard systemwide , per-session message bus setups configured in files /usr/share/dbus-1/system.conf , /usr/share/dbus-1/session.conf. these files system-local.conf or session-local.conf in /etc/dbus-1; can put local overrides in files avoid modifying primary configuration files.

the configuration file xml document. must have following doctype declaration:

i believe need modify /usr/share/dbus-1/session.conf /etc/dbus-1 in ubuntu linked to.

note: limits of interest on systemwide bus, not user session buses think can use them on session bus.

the element defines security policy applied particular set of connections bus. policy made of , elements. policies used systemwide bus; analogous firewall in allow expected traffic , prevent unexpected traffic.

policies applied later override applied earlier, when policies overlap. multiple policies same user/group/context applied in order appear in config file.

you can tack on end of /usr/share/dbus-1/session.conf prior </busconfig> line allow access in lp group , deny else. of course you'll need modify match environment , needs.

<policy group="lp">     <allow send_destination="org.bluez"/>     <allow send_destination="org.bluez.obex"/>   </policy>    <policy context="default">     <deny send_destination="org.bluez"/>     <deny send_destination="org.bluez.obex"/>   </policy>

sources:

https://github.com/netblue30/firejail/issues/796 http://www.linuxfromscratch.org/blfs/view/svn/general/dbus.html https://dbus.freedesktop.org/doc/dbus-daemon.1.html https://github.com/ghent360/bluez/blob/master/src/bluetooth.conf


Comments

Post a Comment

Popular posts from this blog

download - Firefox cannot save files (most of the time), how to solve? - Super User

this not full duplicate of this question or this question , though base question same. however, questions have no answers. for on half year have problems downloading files firefox. when click on download link, download dialog opened asking me do, save or open it. immediately, there error/warning pop-up (twice, can see 1 @ first) ok button. looks this message : "c:\users\%user%\appdata\local\temp\wbbdv9k8.zip.part not saved because source file not read. try again later or contact server administrator." replace '%user%' name of user trying download. after closing pop-up, download dialog disappears , have minimize firefox , open again, see other pop-up. downloading exact same file internet explorer work, not desired. i tried solutions here . tried solutions here . tried disabling extensions. tried fixing permissions on temp folder. tried making files , folder in profile directory non-readonly. tried running firefox administrator. tried ...
Read more

windows - "-2146893807 NTE_NOT_FOUND" when repair certificate store - Super User

i try repair certificate store in windows 10 doing c:\windows\system32>certutil -store -user ‎330000019dba8d5dddb98062a900000000019d "personal" certutil: -store command failed: 0x80090011 (-2146893807 nte_not_found) certutil: object not found. i have double check mmc, certificate details serial number of certificate. still fail repair certificate store. can please help? i getting same error when trying export pfx. turns out had export c:\cert.pfx instead of cert.pfx (it trying export file cert store ( cert:\localmachine\my ).
Read more