and prevent unexpected traffic.</para>
-<para>Currently, the system bus has a default-deny policy for sending method calls
-and owning bus names. Everything else, in particular reply messages, receive
-checks, and signals has a default allow policy.</para>
+<para>
+ Currently, the system bus has a default-deny policy for sending method calls
+ and owning bus names, and a default-allow policy for receiving messages,
+ sending signals, and sending a single success or error reply for each
+ method call that does not have the <literal>NO_REPLY</literal> flag.
+ Sending more than the expected number of replies is not allowed.
+</para>
<para>In general, it is best to keep system services as small, targeted programs which