Hi, Am Donnerstag, den 22.01.2009, 10:27 +0100 schrieb arne anka: > > There are two quite different things configured there: Who can act as > > the frameworkd daemon, and how can talk to the frameworkd daemon. > > wouldn't be a group the better solution? ie a group both frameworkd/dbus > and the user belong to?
Hmm. Not sure: I guess you want to separate between the users who may pretend to be a frameworkd (only root), and those who can use it. Or did I misunderstand you? > > Note that > > > + <allow send_requested_reply="true" send_type="method_call"/> > > > basically disables dbus rights management > > interesting. care to elaborate? > if i read that right, allow method_call means, that everybody is allowed > to call a method? Exactly, therefore this goes around any dbus restrictions on who may call what. > but what's the diff between > <deny own="*"/> > and > <allow user="*"/> I think you can’t say allow user="*", the user flag belongs to a <policy>, which then contains a bunch of <allow> and <deny> stancas. But I haven’t fully understood the complete dbus security syntax either. Greetings, Joachim -- Joachim "nomeata" Breitner Debian Developer nome...@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C JID: nome...@joachim-breitner.de | http://people.debian.org/~nomeata
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
_______________________________________________ Smartphones-userland mailing list Smartphones-userland@linuxtogo.org http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/smartphones-userland