summaryrefslogtreecommitdiffstats
path: root/src/tests/intg/data/cwrap-dbus-system.conf.in
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 05:31:45 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 05:31:45 +0000
commit74aa0bc6779af38018a03fd2cf4419fe85917904 (patch)
tree9cb0681aac9a94a49c153d5823e7a55d1513d91f /src/tests/intg/data/cwrap-dbus-system.conf.in
parentInitial commit. (diff)
downloadsssd-74aa0bc6779af38018a03fd2cf4419fe85917904.tar.xz
sssd-74aa0bc6779af38018a03fd2cf4419fe85917904.zip
Adding upstream version 2.9.4.upstream/2.9.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/tests/intg/data/cwrap-dbus-system.conf.in')
-rw-r--r--src/tests/intg/data/cwrap-dbus-system.conf.in83
1 files changed, 83 insertions, 0 deletions
diff --git a/src/tests/intg/data/cwrap-dbus-system.conf.in b/src/tests/intg/data/cwrap-dbus-system.conf.in
new file mode 100644
index 0000000..7369054
--- /dev/null
+++ b/src/tests/intg/data/cwrap-dbus-system.conf.in
@@ -0,0 +1,83 @@
+<!-- This configuration file controls the systemwide message bus.
+ Add a system-local.conf and edit that rather than changing this
+ file directly. -->
+
+<!-- Note that there are any number of ways you can hose yourself
+ security-wise by screwing up this file; in particular, you
+ probably don't want to listen on any more addresses, add any more
+ auth mechanisms, run as a different user, etc. -->
+
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <!-- Our well-known bus type, do not change this -->
+ <type>system</type>
+
+ <!-- If we fork, keep the user's original umask to avoid affecting
+ the behavior of child processes. -->
+ <keep_umask/>
+
+
+ <!-- Fork into daemon mode -->
+ <fork/>
+
+ <!-- We use system service launching using a helper -->
+ <standard_system_servicedirs/>
+ <servicedir>@dbusservicedir@</servicedir>
+
+
+ <!-- Write a pid file -->
+ <pidfile>@runstatedir@/dbus/messagebus.pid</pidfile>
+
+ <!-- On Unix systems, the most secure authentication mechanism is
+ EXTERNAL, which uses credential-passing over Unix sockets.
+
+ This authentication mechanism is not available on Windows,
+ is not suitable for use with the tcp: or nonce-tcp: transports,
+ and will not work on obscure flavours of Unix that do not have
+ a supported credentials-passing mechanism. On those platforms/transports,
+ comment out the <auth> element to allow fallback to DBUS_COOKIE_SHA1. -->
+ <auth>EXTERNAL</auth>
+
+ <!-- Only listen on a local socket. (abstract=/path/to/socket
+ means use abstract namespace, don't really create filesystem
+ file; only Linux supports this. Use path=/whatever on other
+ systems.) -->
+ <listen>unix:path=@runstatedir@/dbus/system_bus_socket</listen>
+ <policy context="default">
+ <!-- Allow everything to be sent -->
+ <allow send_destination="*" eavesdrop="true"/>
+ <!-- Allow everything to be received -->
+ <allow eavesdrop="true"/>
+ <!-- Allow anyone to own anything -->
+ <allow own="*"/>
+ </policy>
+
+ <!-- Config files are placed here that among other things, punch
+ holes in the above policy for specific services. -->
+ <includedir>system.d</includedir>
+
+ <!--
+ <includedir>/etc/dbus-1/system.d</includedir>
+ -->
+
+ <!-- This is included last so local configuration can override what's
+ in this standard file -->
+ <include ignore_missing="yes">/etc/dbus-1/system-local.conf</include>
+
+ <include if_selinux_enabled="yes" selinux_root_relative="yes">contexts/dbus_contexts</include>
+
+ <!-- For the session bus, override the default relatively-low limits
+ with essentially infinite limits, since the bus is just running
+ as the user anyway, using up bus resources is not something we need
+ to worry about. In some cases, we do set the limits lower than
+ "all available memory" if exceeding the limit is almost certainly a bug,
+ having the bus enforce a limit is nicer than a huge memory leak. But the
+ intent is that these limits should never be hit. -->
+
+ <!-- the memory limits are 1G instead of say 4G because they can't exceed 32-bit signed int max -->
+ <!-- We do not override max_message_unix_fds here since the in-kernel
+ limit is also relatively low -->
+
+</busconfig>