diff options
| author | Lubomir Rintel <lkundrak@v3.sk> | 2016-04-16 20:39:45 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-09-05 15:28:54 +0200 |
| commit | 15797791199a325977fb6b6108175c6bb086c7da (patch) | |
| tree | c060c7820127b2cc8be6687d445773b4fdbecdb7 /src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c | |
| parent | 916cd5d7ca35f37e2db81da7db07e12fa96ab373 (diff) | |
| download | strongswan-15797791199a325977fb6b6108175c6bb086c7da.tar.bz2 strongswan-15797791199a325977fb6b6108175c6bb086c7da.tar.xz | |
nm: Don't do <deny send_interface="..." /> in dbus service file
It does more than intended; apart from denying messages to that
particular interface it also denies all messages non-qualified with an
interface globally. This blocks messages completely unrelated to
strongSwan's VPN plugin, such as NetworkManager communication with the
VPN plugins.
From the dbus-daemon manual:
Be careful with send_interface/receive_interface, because the
interface field in messages is optional. In particular, do NOT
specify <deny send_interface="org.foo.Bar"/>! This will cause
no-interface messages to be blocked for all services, which is
almost certainly not what you intended. Always use rules of the form:
<deny send_interface="org.foo.Bar" send_destination="org.foo.Service"/>
We can just safely remove those rules, since we're sufficiently
protected by the send_destination matches and method calls are
disallowed by default anyway.
Closes strongswan/strongswan#42.
Diffstat (limited to 'src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c')
0 files changed, 0 insertions, 0 deletions