Re: Berechtigungsproblem

To: debian-user-german@lists.debian.org
Subject: Re: Berechtigungsproblem
From: Daniel Meißner <daniel@3st.mine.nu>
Date: Sat, 04 Apr 2009 11:38:17 +0200
Message-id: <[🔎] 1238837897.5265.12.camel@jhihahaha>
In-reply-to: <[🔎] 200904041116.57659.eeepc@ro-aising.de>
References: <[🔎] 1238707212.9884.13.camel@jhihahaha> <[🔎] 20090403115931.GA22757@mail.kill-9.de> <[🔎] 1238772672.3936.2.camel@jhihahaha> <[🔎] 200904041116.57659.eeepc@ro-aising.de>

Hallo Gerhard,

Am Samstag, den 04.04.2009, 11:16 +0200 schrieb Gerhard Brandenburg:

> Damit dbus läuft, muss hal laufen.
> starte es neu mit
>  /etc/init.d/hal restart

Der Restart scheint überhaupt nicht zu funktionieren. Wenn ich versuche
hal zu starten spuckt er direkt das aus:

        # /etc/init.d/hal start
        Can't start Hardware abstraction layer - please ensure dbus is
        running failed!

Ein anschließendes # /etc/init.d/dbus start meint dann:

        Starting system message bus: dbusFailed to start message bus:
        Element <allow> not allowed inside <busconfig> in configuration
        file

Das verstehe ich nicht. Das dbus gestartet ist habe ich doch schon
geprüft.

Die Datei /etc/dbus-1/system.conf hab ich mir angesehen. Leider befinden
sich dort eine Handvoll <allow> Absätze. Wäre es möglich die standard
Konfigurationsdatei wieder herzustellen? Hab meine Konfig mal unten
eingefügt bitte nicht erschrecken.

Viele Grüße
Daniel


Anhang:
<!-- This configuration file controls the systemwide message bus.
     Add a system-local.conf and edit that rather than changing this 
     file directly. -->

<!-- Note that there are any number of ways you can hose yourself
     security-wise by screwing up this file; in particular, you
     probably don't want to listen on any more addresses, add any more
     auth mechanisms, run as a different user, etc. -->

<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration
1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd";>
<busconfig>

<allow send_requested_reply="true" send_type="method_call"/>


  <!-- Our well-known bus type, do not change this -->
  <type>system</type>

  <!-- Run as special user -->
  <user>messagebus</user>

  <!-- Fork into daemon mode -->
  <fork/>

  <!-- We use system service launching using a helper -->
  <standard_system_servicedirs/>

  <!-- This is a setuid helper that is used to launch system services
-->

<servicehelper>/usr/lib/dbus-1.0/dbus-daemon-launch-helper</servicehelper>

  <!-- Write a pid file -->
  <pidfile>/var/run/dbus/pid</pidfile>

  <!-- Enable logging to syslog -->
  <syslog/>

  <!-- Only allow socket-credentials-based authentication -->
  <auth>EXTERNAL</auth>

  <!-- Only listen on a local socket. (abstract=/path/to/socket 
       means use abstract namespace, don't really create filesystem 
       file; only Linux supports this. Use path=/whatever on other 
       systems.) -->
  <listen>unix:path=/var/run/dbus/system_bus_socket</listen>

  <policy context="default">
    <!-- Deny everything then punch holes -->
    <deny send_interface="*"/>
    <deny receive_interface="*"/>
    <deny own="*"/>
    <!-- But allow all users to connect -->
    <allow user="*"/>
    <!-- Allow anyone to talk to the message bus -->
    <!-- FIXME I think currently these allow rules are always implicit 
         even if they aren't in here -->
    <allow send_destination="org.freedesktop.DBus"/>
    <allow receive_sender="org.freedesktop.DBus"/>
    <!-- Allow all signals to be sent by default -->
    <allow send_type="signal"/>
    <!-- allow sending valid replies -->
    <allow send_requested_reply="true" send_type="method_return"/>
    <allow send_requested_reply="true" send_type="error"/>
    <!-- allow receiving valid replies -->
    <allow receive_requested_reply="true"/>
    <!-- Note: the rule above also allows receiving of all non-reply
messages
         that are not denied later.  See:
         https://bugs.freedesktop.org/show_bug.cgi?id=18229
         Potentially this will be replaced in the future by the
         following two rules:
    <allow receive_requested_reply="true" receive_type="method_return"/>
    <allow receive_requested_reply="true" receive_type="error"/>
    -->
  </policy>

  <!-- Config files are placed here that among other things, punch 
       holes in the above policy for specific services. -->
  <includedir>system.d</includedir>

  <!-- This is included last so local configuration can override what's 
       in this standard file -->
  <include ignore_missing="yes">system-local.conf</include>

  <include if_selinux_enabled="yes"
selinux_root_relative="yes">contexts/dbus_contexts</include>

</busconfig>
-- 
Daniel Meißner
jabber meise@jabber.ccc.de, icq 174595282
web http://3st.mine.nu

pgp-key A4F00ECF
http://keyserver.pgp.com

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

Reply to:

Follow-Ups:
- Re: Berechtigungsproblem
  - From: Gerhard Brandenburg <eeepc@ro-aising.de>

References:
- Berechtigungsproblem
  - From: Daniel Meißner <daniel@3st.mine.nu>
- Re: Berechtigungsproblem
  - From: Hans-Juergen Becker <hjbecker@region-online.de>
- Re: Berechtigungsproblem
  - From: Daniel Meißner <daniel@3st.mine.nu>
- Re: Berechtigungsproblem
  - From: Gerhard Brandenburg <eeepc@ro-aising.de>

Prev by Date: Re: Debian und Vigor mögen sich nicht? DNS Problem
Next by Date: Re: Berechtigungsproblem
Previous by thread: Re: Berechtigungsproblem
Next by thread: Re: Berechtigungsproblem
Index(es):
- Date
- Thread