summaryrefslogtreecommitdiffstats
path: root/debian/extra
diff options
context:
space:
mode:
Diffstat (limited to 'debian/extra')
-rw-r--r--debian/extra/dbus-1/system.d/systemd-localed-read-only.conf23
1 files changed, 23 insertions, 0 deletions
diff --git a/debian/extra/dbus-1/system.d/systemd-localed-read-only.conf b/debian/extra/dbus-1/system.d/systemd-localed-read-only.conf
new file mode 100644
index 0000000..10eea7b
--- /dev/null
+++ b/debian/extra/dbus-1/system.d/systemd-localed-read-only.conf
@@ -0,0 +1,23 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "https://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<!--
+On Debian and derivatives keymap/locales/etc are not set via localed,
+but from legacy and incompatible components. But we still need to
+enable localed so that GNOME can query it. Ensure not even root can
+use it to modify the settings.
+-->
+
+<busconfig>
+ <policy user="root">
+ <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetLocale"/>
+ <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetVConsoleKeyboard"/>
+ <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetX11Keyboard"/>
+ </policy>
+ <policy context="default">
+ <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetLocale"/>
+ <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetVConsoleKeyboard"/>
+ <deny send_destination="org.freedesktop.locale1" send_interface="org.freedesktop.locale1" send_member="SetX11Keyboard"/>
+ </policy>
+</busconfig>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-18 12:42:03 +0000