As described in [0], this likely did not have the intended effect, so
simply remove it. The change in behavior is that up until this patch
it would be possible for root, lp, and any non-system user to potentially
gain access to bluez' dbus interface. Now this is extended to also allow
any system user.
[0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>
Signed-off-by: Tom Gundersen <[email protected]>
CC: David Herrmann <[email protected]>
---
src/bluetooth.conf | 12 +-----------
1 file changed, 1 insertion(+), 11 deletions(-)
diff --git a/src/bluetooth.conf b/src/bluetooth.conf
index b67a954a2..8a1e25801 100644
--- a/src/bluetooth.conf
+++ b/src/bluetooth.conf
@@ -22,18 +22,8 @@
<allow send_interface="org.mpris.MediaPlayer2.Player"/>
</policy>
- <policy at_console="true">
- <allow send_destination="org.bluez"/>
- </policy>
-
- <!-- allow users of lp group (printing subsystem) to
- communicate with bluetoothd -->
- <policy group="lp">
- <allow send_destination="org.bluez"/>
- </policy>
-
<policy context="default">
- <deny send_destination="org.bluez"/>
+ <allow send_destination="org.bluez"/>
</policy>
</busconfig>
--
2.19.1
Hi Tom,
On Tue, Nov 6, 2018 at 1:10 PM Tom Gundersen <[email protected]> wrote:
>
> As described in [0], this likely did not have the intended effect, so
> simply remove it. The change in behavior is that up until this patch
> it would be possible for root, lp, and any non-system user to potentially
> gain access to bluez' dbus interface. Now this is extended to also allow
> any system user.
>
> [0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>
>
> Signed-off-by: Tom Gundersen <[email protected]>
> CC: David Herrmann <[email protected]>
> ---
> src/bluetooth.conf | 12 +-----------
> 1 file changed, 1 insertion(+), 11 deletions(-)
>
> diff --git a/src/bluetooth.conf b/src/bluetooth.conf
> index b67a954a2..8a1e25801 100644
> --- a/src/bluetooth.conf
> +++ b/src/bluetooth.conf
> @@ -22,18 +22,8 @@
> <allow send_interface="org.mpris.MediaPlayer2.Player"/>
> </policy>
>
> - <policy at_console="true">
> - <allow send_destination="org.bluez"/>
> - </policy>
> -
> - <!-- allow users of lp group (printing subsystem) to
> - communicate with bluetoothd -->
> - <policy group="lp">
> - <allow send_destination="org.bluez"/>
> - </policy>
> -
> <policy context="default">
> - <deny send_destination="org.bluez"/>
> + <allow send_destination="org.bluez"/>
> </policy>
>
> </busconfig>
> --
> 2.19.1
Applied, thanks.
--
Luiz Augusto von Dentz
Hi Tom,
> As described in [0], this likely did not have the intended effect, so
> simply remove it. The change in behavior is that up until this patch
> it would be possible for root, lp, and any non-system user to potentially
> gain access to bluez' dbus interface. Now this is extended to also allow
> any system user.
>
> [0]: <https://www.spinics.net/lists/linux-bluetooth/msg75267.html>
>
> Signed-off-by: Tom Gundersen <[email protected]>
> CC: David Herrmann <[email protected]>
> ---
> src/bluetooth.conf | 12 +-----------
> 1 file changed, 1 insertion(+), 11 deletions(-)
>
> diff --git a/src/bluetooth.conf b/src/bluetooth.conf
> index b67a954a2..8a1e25801 100644
> --- a/src/bluetooth.conf
> +++ b/src/bluetooth.conf
> @@ -22,18 +22,8 @@
> <allow send_interface="org.mpris.MediaPlayer2.Player"/>
> </policy>
>
> - <policy at_console="true">
> - <allow send_destination="org.bluez"/>
> - </policy>
> -
> - <!-- allow users of lp group (printing subsystem) to
> - communicate with bluetoothd -->
> - <policy group="lp">
> - <allow send_destination="org.bluez"/>
> - </policy>
> -
> <policy context="default">
> - <deny send_destination="org.bluez"/>
> + <allow send_destination="org.bluez"/>
> </policy>
so I am not sure we want give hardware configuration (and with that pairing control) to every one in the system. In iwd for example we restricted this to the group “wheel”.
Regards
Marcel