1 <!-- This configuration file controls the systemwide message bus.
2 Add a system-local.conf and edit that rather than changing this
5 <!-- Note that there are any number of ways you can hose yourself
6 security-wise by screwing up this file; in particular, you
7 probably don't want to listen on any more addresses, add any more
8 auth mechanisms, run as a different user, etc. -->
10 <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
11 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
14 <!-- Our well-known bus type, do not change this -->
17 <!-- Run as special user -->
18 <user>messagebus</user>
20 <!-- Fork into daemon mode -->
23 <!-- Write a pid file -->
24 <pidfile>@DBUS_SYSTEM_PID_FILE@</pidfile>
26 <!-- Only allow socket-credentials-based authentication -->
29 <!-- Only listen on a local socket. (abstract=/path/to/socket
30 means use abstract namespace, don't really create filesystem
31 file; only Linux supports this. Use path=/whatever on other
33 <listen>@DBUS_SYSTEM_BUS_DEFAULT_ADDRESS@</listen>
35 <policy context="default">
36 <!-- Deny everything then punch holes -->
37 <deny send_interface="*"/>
38 <deny receive_interface="*"/>
40 <!-- But allow all users to connect -->
42 <!-- Allow anyone to talk to the message bus -->
43 <!-- FIXME I think currently these allow rules are always implicit
44 even if they aren't in here -->
45 <allow send_destination="org.freedesktop.DBus"/>
46 <allow receive_sender="org.freedesktop.DBus"/>
47 <!-- valid replies are always allowed -->
48 <allow requested_reply="true"/>
51 <!-- Config files are placed here that among other things, punch
52 holes in the above policy for specific services. -->
53 <includedir>system.d</includedir>
55 <!-- This is included last so local configuration can override what's
56 in this standard file -->
57 <include ignore_missing="yes">system-local.conf</include>
projects / platform / upstream / dbus.git / blob