Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[ssu] Protect SSU dbus interface with sailfish-system group. Contribu…
…tes to JB#47997

File system permissions are kept under ssu and those should be only
accessible by the ssud itself.
  • Loading branch information
rainemak committed Nov 5, 2019
1 parent 27af65c commit 645745b
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 3 deletions.
2 changes: 1 addition & 1 deletion dbus/org.nemo.ssu.conf
Expand Up @@ -8,7 +8,7 @@
<allow send_destination="org.nemo.ssu" send_interface="org.nemo.ssu"/>
</policy>

<policy group="system">
<policy group="sailfish-system">
<allow send_destination="org.nemo.ssu" send_interface="org.nemo.ssu"/>
<allow send_destination="org.nemo.ssu" send_interface="org.freedesktop.DBus.Introspectable"/>
<allow send_destination="org.nemo.ssu" send_interface="org.freedesktop.DBus.Peer"/>
Expand Down
3 changes: 1 addition & 2 deletions rpm/ssu.spec
Expand Up @@ -17,6 +17,7 @@ BuildRequires: pkgconfig(libshadowutils)
BuildRequires: pkgconfig(connman-qt5)
BuildRequires: oneshot
BuildRequires: doxygen
Requires(pre): sailfish-setup
Requires(pre): shadow-utils
Requires(pre): /usr/bin/groupadd-user
Requires(postun): shadow-utils
Expand Down Expand Up @@ -188,8 +189,6 @@ cd .. && cp -R doc/html/* %{buildroot}/%{_docdir}/%{name}/


%pre
groupadd -rf ssu
groupadd-user ssu
if [ -f /etc/ssu/ssu.ini ]; then
chgrp ssu /etc/ssu/ssu.ini
chmod 664 /etc/ssu/ssu.ini
Expand Down

0 comments on commit 645745b

Please sign in to comment.