add missing configuration files

diff --git a/packaging/dbus-user.service b/packaging/dbus-user.service
new file mode 100644 (file)
index 0000000..cd1358e
--- /dev/null
+++ b/packaging/dbus-user.service
@@ -0,0 +1,13 @@
+
+#
+# This is the D-Bus service for the session
+#
+
+[Unit]
+Description=D-Bus Session Message Bus
+Requires=dbus.socket
+
+[Service]
+ExecStart=/usr/bin/dbus-daemon --session --address=systemd: --nofork --systemd-activation
+ExecReload=/usr/bin/dbus-send --print-reply --session --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
+OOMScoreAdjust=-850

diff --git a/packaging/dbus-user.socket b/packaging/dbus-user.socket
new file mode 100644 (file)
index 0000000..06b01a5
--- /dev/null
+++ b/packaging/dbus-user.socket
@@ -0,0 +1,10 @@
+
+#
+# This is the D-Bus socket for the session bus
+#
+
+[Unit]
+Description=D-Bus Session Message Bus Socket
+
+[Socket]
+ListenStream=%t/dbus/user_bus_socket

diff --git a/packaging/system.conf b/packaging/system.conf
new file mode 100755 (executable)
index 0000000..9493882
--- /dev/null
+++ b/packaging/system.conf
@@ -0,0 +1,79 @@
+<!-- This configuration file controls the systemwide message bus.
+     Add a system-local.conf and edit that rather than changing this
+     file directly. -->
+
+<!-- Note that there are any number of ways you can hose yourself
+     security-wise by screwing up this file; in particular, you
+     probably don't want to listen on any more addresses, add any more
+     auth mechanisms, run as a different user, etc. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- Our well-known bus type, do not change this -->
+  <type>system</type>
+
+  <!-- Run as special user -->
+  <!-- <user>root</user> -->
+
+  <!-- Fork into daemon mode -->
+  <fork/>
+
+  <servicedir>/usr/share/dbus-1/services</servicedir>
+
+  <!-- Write a pid file -->
+  <pidfile>/var/run/messagebus.pid</pidfile>
+
+  <!-- Enable logging to syslog -->
+  <syslog/>
+
+  <!-- Only allow socket-credentials-based authentication -->
+  <auth>EXTERNAL</auth>
+
+  <!-- Only listen on a local socket. (abstract=/path/to/socket
+       means use abstract namespace, don't really create filesystem
+       file; only Linux supports this. Use path=/whatever on other
+       systems.) -->
+  <listen>unix:path=/var/run/dbus/system_bus_socket</listen>
+
+  <policy context="default">
+    <!-- All users can connect to system bus -->
+    <allow user="*"/>
+
+    <!-- Holes must be punched in service configuration files for
+         name ownership and sending method calls -->
+    <allow own="*"/>
+    <allow send_type="method_call"/>
+
+    <!-- Signals and reply messages (method returns, errors) are allowed
+         by default -->
+    <allow send_type="signal"/>
+    <allow send_requested_reply="true" send_type="method_return"/>
+    <allow send_requested_reply="true" send_type="error"/>
+
+    <!-- All messages may be received by default -->
+    <allow receive_type="method_call"/>
+    <allow receive_type="method_return"/>
+    <allow receive_type="error"/>
+    <allow receive_type="signal"/>
+
+    <!-- Allow anyone to talk to the message bus -->
+    <allow send_destination="org.freedesktop.DBus"/>
+    <!-- But disallow some specific bus services -->
+    <deny send_destination="org.freedesktop.DBus"
+          send_interface="org.freedesktop.DBus"
+          send_member="UpdateActivationEnvironment"/>
+  </policy>
+
+  <!-- Config files are placed here that among other things, punch
+       holes in the above policy for specific services. -->
+  <includedir>system.d</includedir>
+
+  <!-- This is included last so local configuration can override what's
+       in this standard file -->
+  <include ignore_missing="yes">system-local.conf</include>
+
+  <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+</busconfig>