1 <!-- This configuration file controls the systemwide message bus.
2 Add a system-local.conf and edit that rather than changing this
5 <!-- Note that there are any number of ways you can hose yourself
6 security-wise by screwing up this file; in particular, you
7 probably don't want to listen on any more addresses, add any more
8 auth mechanisms, run as a different user, etc. -->
10 <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
11 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
14 <!-- Our well-known bus type, do not change this -->
17 <!-- Run as special user -->
18 <!-- <user>root</user> -->
20 <!-- Fork into daemon mode -->
23 <servicedir>/usr/share/dbus-1/services</servicedir>
25 <!-- Write a pid file -->
26 <pidfile>/var/run/messagebus.pid</pidfile>
28 <!-- Enable logging to syslog -->
31 <!-- Only allow socket-credentials-based authentication -->
34 <!-- Only listen on a local socket. (abstract=/path/to/socket
35 means use abstract namespace, don't really create filesystem
36 file; only Linux supports this. Use path=/whatever on other
38 <listen>unix:path=/var/run/dbus/system_bus_socket</listen>
40 <policy context="default">
41 <!-- All users can connect to system bus -->
44 <!-- Holes must be punched in service configuration files for
45 name ownership and sending method calls -->
47 <allow send_type="method_call"/>
49 <!-- Signals and reply messages (method returns, errors) are allowed
51 <allow send_type="signal"/>
52 <allow send_requested_reply="true" send_type="method_return"/>
53 <allow send_requested_reply="true" send_type="error"/>
55 <!-- All messages may be received by default -->
56 <allow receive_type="method_call"/>
57 <allow receive_type="method_return"/>
58 <allow receive_type="error"/>
59 <allow receive_type="signal"/>
61 <!-- Allow anyone to talk to the message bus -->
62 <allow send_destination="org.freedesktop.DBus"/>
63 <!-- But disallow some specific bus services -->
64 <deny send_destination="org.freedesktop.DBus"
65 send_interface="org.freedesktop.DBus"
66 send_member="UpdateActivationEnvironment"/>
69 <!-- Config files are placed here that among other things, punch
70 holes in the above policy for specific services. -->
71 <includedir>system.d</includedir>
73 <!-- This is included last so local configuration can override what's
74 in this standard file -->
75 <include ignore_missing="yes">system-local.conf</include>
77 <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>