dbus - How to blacklist a D-Bus service? - Ask Ubuntu

how can unprivileged user prevent d-bus service launching? example, /usr/share/dbus-1/services/org.bluez.obex.service started session bus. there doesn't seem way "blacklist" it.

it session bus question refers to. know if possible prevent specific services starting on session bus.

the standard systemwide , per-session message bus setups configured in files /usr/share/dbus-1/system.conf , /usr/share/dbus-1/session.conf. these files system-local.conf or session-local.conf in /etc/dbus-1; can put local overrides in files avoid modifying primary configuration files.

the configuration file xml document. must have following doctype declaration:

i believe need modify /usr/share/dbus-1/session.conf /etc/dbus-1 in ubuntu linked to.

note: limits of interest on systemwide bus, not user session buses think can use them on session bus.

the element defines security policy applied particular set of connections bus. policy made of , elements. policies used systemwide bus; analogous firewall in allow expected traffic , prevent unexpected traffic.

policies applied later override applied earlier, when policies overlap. multiple policies same user/group/context applied in order appear in config file.

you can tack on end of /usr/share/dbus-1/session.conf prior </busconfig> line allow access in lp group , deny else. of course you'll need modify match environment , needs.

<policy group="lp">     <allow send_destination="org.bluez"/>     <allow send_destination="org.bluez.obex"/>   </policy>    <policy context="default">     <deny send_destination="org.bluez"/>     <deny send_destination="org.bluez.obex"/>   </policy> 

sources:

https://github.com/netblue30/firejail/issues/796 http://www.linuxfromscratch.org/blfs/view/svn/general/dbus.html https://dbus.freedesktop.org/doc/dbus-daemon.1.html https://github.com/ghent360/bluez/blob/master/src/bluetooth.conf