2008-06-24 Dimitris Glezos <dimitris@glezos.com> (via glezos@fedoraproject.org)

[catta] / avahi-daemon / avahi-dbus.conf.in

diff --git a/avahi-daemon/avahi-dbus.conf.in b/avahi-daemon/avahi-dbus.conf.in
index 416c8dc07073f9597d7895058bcdf9af798abcb7..e439e0794bfffbab8ab7470a5de7d164a932c34a 100644 (file)
--- a/avahi-daemon/avahi-dbus.conf.in
+++ b/avahi-daemon/avahi-dbus.conf.in
@@ -11,15 +11,17 @@
     <allow own="org.freedesktop.Avahi"/>
   </policy>
 
-  <!-- Allow anyone to invoke methods on the Manager and Device interfaces -->
+  <!-- Allow anyone to invoke methods on Avahi server, except SetHostName -->
   <policy context="default">
-    <allow send_interface="org.freedesktop.Avahi"/>
+    <allow send_destination="org.freedesktop.Avahi"/>
+    <allow receive_sender="org.freedesktop.Avahi"/>
 
-    <allow receive_interface="org.freedesktop.Avahi"
-           receive_sender="org.freedesktop.Avahi"/>
+    <deny send_interface="org.freedesktop.Avahi.Server" send_member="SetHostName"/>
   </policy>
 
-  <limit name="max_match_rules_per_connection">512</limit>
-  <limit name="max_connections_per_user">20</limit>
-
+  <!-- Allow everything, including access to SetHostName to users of the group "@AVAHI_PRIV_ACCESS_GROUP@" -->
+  <policy group="@AVAHI_PRIV_ACCESS_GROUP@">
+    <allow send_destination="org.freedesktop.Avahi"/>
+    <allow receive_sender="org.freedesktop.Avahi"/>
+  </policy>
 </busconfig>