[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Berechtigungsproblem

Hallo Gerhard,

Am Samstag, den 04.04.2009, 11:16 +0200 schrieb Gerhard Brandenburg:

> Damit dbus läuft, muss hal laufen.
> starte es neu mit
>  /etc/init.d/hal restart

Der Restart scheint überhaupt nicht zu funktionieren. Wenn ich versuche
hal zu starten spuckt er direkt das aus:

        # /etc/init.d/hal start
        Can't start Hardware abstraction layer - please ensure dbus is
        running failed!

Ein anschließendes # /etc/init.d/dbus start meint dann:

        Starting system message bus: dbusFailed to start message bus:
        Element <allow> not allowed inside <busconfig> in configuration

Das verstehe ich nicht. Das dbus gestartet ist habe ich doch schon

Die Datei /etc/dbus-1/system.conf hab ich mir angesehen. Leider befinden
sich dort eine Handvoll <allow> Absätze. Wäre es möglich die standard
Konfigurationsdatei wieder herzustellen? Hab meine Konfig mal unten
eingefügt bitte nicht erschrecken.

Viele Grüße

<!-- This configuration file controls the systemwide message bus.
     Add a system-local.conf and edit that rather than changing this 
     file directly. -->

<!-- Note that there are any number of ways you can hose yourself
     security-wise by screwing up this file; in particular, you
     probably don't want to listen on any more addresses, add any more
     auth mechanisms, run as a different user, etc. -->

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration

<allow send_requested_reply="true" send_type="method_call"/>

  <!-- Our well-known bus type, do not change this -->

  <!-- Run as special user -->

  <!-- Fork into daemon mode -->

  <!-- We use system service launching using a helper -->

  <!-- This is a setuid helper that is used to launch system services


  <!-- Write a pid file -->

  <!-- Enable logging to syslog -->

  <!-- Only allow socket-credentials-based authentication -->

  <!-- Only listen on a local socket. (abstract=/path/to/socket 
       means use abstract namespace, don't really create filesystem 
       file; only Linux supports this. Use path=/whatever on other 
       systems.) -->

  <policy context="default">
    <!-- Deny everything then punch holes -->
    <deny send_interface="*"/>
    <deny receive_interface="*"/>
    <deny own="*"/>
    <!-- But allow all users to connect -->
    <allow user="*"/>
    <!-- Allow anyone to talk to the message bus -->
    <!-- FIXME I think currently these allow rules are always implicit 
         even if they aren't in here -->
    <allow send_destination="org.freedesktop.DBus"/>
    <allow receive_sender="org.freedesktop.DBus"/>
    <!-- Allow all signals to be sent by default -->
    <allow send_type="signal"/>
    <!-- allow sending valid replies -->
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>
    <!-- allow receiving valid replies -->
    <allow receive_requested_reply="true"/>
    <!-- Note: the rule above also allows receiving of all non-reply
         that are not denied later.  See:
         Potentially this will be replaced in the future by the
         following two rules:
    <allow receive_requested_reply="true" receive_type="method_return"/>
    <allow receive_requested_reply="true" receive_type="error"/>

  <!-- Config files are placed here that among other things, punch 
       holes in the above policy for specific services. -->

  <!-- This is included last so local configuration can override what's 
       in this standard file -->
  <include ignore_missing="yes">system-local.conf</include>

  <include if_selinux_enabled="yes"

Daniel Meißner
jabber meise@jabber.ccc.de, icq 174595282
web http://3st.mine.nu

pgp-key A4F00ECF

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Reply to: