Diffstat (limited to 'install/oddjob/etc')
-rw-r--r-- | install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf | 40 | ||||
-rw-r--r-- | install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf | 21 |
2 files changed, 61 insertions, 0 deletions
diff --git a/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf b/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
new file mode 100644
index 000000000..2e4c1367b
--- /dev/null
+++ b/install/oddjob/etc/dbus-1/system.d/oddjob-ipa-trust.conf
@@ -0,0 +1,40 @@
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+ <!-- Only root can own (provide) the com.redhat.idm.trust service
+ on the system bus. -->
+ <policy user="root">
+ <allow own="com.redhat.idm.trust"/>
+ <allow send_destination="com.redhat.idm.trust"
+ send_path="/"
+ send_interface="com.redhat.idm.trust"
+ send_member="fetch_domains"/>
+ </policy>
+
+ <!-- Allow anyone to call the introspection methods of the "/" object
+ provided by the com.redhat.idm.trust service. -->
+ <policy context="default">
+ <allow send_destination="com.redhat.idm.trust"
+ send_path="/"
+ send_interface="org.freedesktop.DBus.Introspectable"
+ send_member="Introspect"/>
+ <allow send_destination="com.redhat.idm.trust"
+ send_path="/"
+ send_interface="org.freedesktop.DBus.Properties"
+ send_member="GetAll"/>
+ <allow send_destination="com.redhat.idm.trust"
+ send_path="/"
+ send_interface="org.freedesktop.DBus.Properties"
+ send_member="Get"/>
+ </policy>
+
+ <policy user="apache">
+ <allow send_destination="com.redhat.idm.trust"
+ send_path="/"
+ send_interface="com.redhat.idm.trust"
+ send_member="fetch_domains"/>
+ </policy>
+
+</busconfig>
diff --git a/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf b/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
new file mode 100644
index 000000000..17817de09
--- /dev/null
+++ b/install/oddjob/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
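Review bot: In the D-Bus policy file (system.d/oddjob-ipa-trust.conf), the `context="default"` block grants `org.freedesktop.DBus.Properties` `Get` and `GetAll`, plus `Introspect`, on `/` to every local user, while the oddjobd service definition added by the same commit declares only `org.freedesktop.DBus.Introspectable` (limited to uid 0) and `com.redhat.idm.trust`. The two layers therefore disagree about who may introspect, and the two Properties grants appear to have no matching interface; if nothing needs them, dropping those `<allow>` elements keeps the bus policy least-privilege. The `user="apache"` policy is the only block without a comment; a line such as `<!-- apache may call fetch_domains; all other users are limited to introspection -->` would record that a non-root account is intentionally allowed to reach this root-owned service.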
@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+<oddjobconfig>
+ <service name="com.redhat.idm.trust">
+ <allow user="root"/>
+ <allow user="apache"/>
+ <object name="/">
+ <interface name="org.freedesktop.DBus.Introspectable">
+ <allow min_uid="0" max_uid="0"/>
+ <!-- <method name="Introspect"/> -->
+ </interface>
+ <interface name="com.redhat.idm.trust">
+ <method name="fetch_domains">
+ <helper exec="/usr/libexec/ipa/com.redhat.idm.trust-fetch-domains"
+ arguments="1"
+ argument_passing_method="cmdline"
+ prepend_user_name="no"/>
+ </method>
+ </interface>
+ </object>
+ </service>
+</oddjobconfig> |
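Review bot: `fetch_domains` forwards one caller-supplied string to the helper on its command line (`arguments="1"`, `argument_passing_method="cmdline"`), and `apache` is among the permitted callers, so the helper is the trust boundary between the web-server account and whatever privileges oddjobd runs it with (presumably root). The helper itself is not in this view; it should validate the argument as a domain name, reject option-like values, and never pass it through a shell. With `prepend_user_name="no"` the helper also cannot tell root from apache, which is worth recording above `<helper>` with a comment such as `<!-- the single argument is caller-controlled; the helper must validate it -->`. The commented-out `<method name="Introspect"/>` next to `<allow min_uid="0" max_uid="0"/>` leaves it unclear whether introspection is meant to be root-only here, given that the bus policy in this commit opens it to every user.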