[OE-core] [PATCHv2 0/2][fido][dizzy] D-Bus policy fixes

Thu, 01 Oct 2015 01:03:07 -0700 

Changes since v1:
 - move the xuser policy file to {sysconfdir}/dbus-1/system.d/
   as it works just fine from there.


original cover letter follows:

The major patch in the series is the bluez one: Bluez
D-Bus policy was incorrectly written so it actually allowed
access to system services _other than bluetoothd_ overriding
the default deny policy on the system bus. Fixing this may
naturally affect other system services too.

The patches I'm sending are for master but I believe both fido and
dizzy behave similarly. I can send a patch for those as well but
am not sure what to include there: I'm guessing people now have
services running that are expecting an open-by-default system bus --
closing it now will require good release notes at the very least.

So RFC on fido and dizzy: The best I can think of is taking the bluez
patch, patching in an xuser allow policy for bluez, and making the
(practical) policy change very clear in the release notes.

 - Jussi


The following changes since commit 4bc3f0994e68b3302a0523a3156dd0dca0cac7a0:

  bitbake: toaster: move clones into subdirectory (2015-09-29 14:11:39 +0100)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib jku/dbus-policy
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jku/dbus-policy

Jussi Kukkonen (2):
  bluez5: Use upstream D-Bus policy
  xuser-account: Take over xuser specific D-Bus policy

 meta/recipes-connectivity/bluez5/bluez5.inc        |  5 +--
 .../bluez5/bluez5/bluetooth.conf                   | 17 ---------
 meta/recipes-connectivity/connman/connman.inc      |  1 -
 .../connman/add_xuser_dbus_permission.patch        | 43 ----------------------
 meta/recipes-connectivity/connman/connman_1.30.bb  |  1 -
 .../user-creation/files/system-xuser.conf          | 11 ++++++
 .../user-creation/xuser-account_0.1.bb             |  6 ++-
 7 files changed, 17 insertions(+), 67 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bluez5/bluez5/bluetooth.conf
 delete mode 100644 
meta/recipes-connectivity/connman/connman/add_xuser_dbus_permission.patch
 create mode 100644 meta/recipes-support/user-creation/files/system-xuser.conf

-- 
2.1.4

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Reply via email to