nm: Don't do <deny send_interface="..." /> in dbus service file

It does more than intended; apart from denying messages to that particular interface it also denies all messages non-qualified with an interface globally. This blocks messages completely unrelated to strongSwan's VPN plugin, such as NetworkManager communication with the VPN plugins. From the dbus-daemon manual: Be careful with send_interface/receive_interface, because the interface field in messages is optional. In particular, do NOT specify <deny send_interface="org.foo.Bar"/>! This will cause no-interface messages to be blocked for all services, which is almost certainly not what you intended. Always use rules of the form: <deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/> We can just safely remove those rules, since we're sufficiently protected by the send_destination matches and method calls are disallowed by default anyway. Closes strongswan/strongswan#42.
2016-04-16 20:39:45 +02:00 · 2016-04-16 20:39:45 +02:00 · 1579779119
parent 916cd5d7ca
commit 1579779119
1 changed files with 0 additions and 1 deletions
--- a/src/charon-nm/nm-strongswan-service.conf
+++ b/src/charon-nm/nm-strongswan-service.conf
@ -10,7 +10,6 @@
 	<policy context="default">
 		<deny own="org.freedesktop.NetworkManager.strongswan"/>
 		<deny send_destination="org.freedesktop.NetworkManager.strongswan"/>
-		<deny send_interface="org.freedesktop.NetworkManager.strongswan"/>
 	</policy>
 </busconfig>