Re: Permission problem
Hello Daniel,
On Saturday, 4 April 2009, Daniel Meißner wrote:
> Hello Gerhard,
>
> On Saturday, 04.04.2009, at 11:16 +0200, Gerhard Brandenburg wrote:
> > For dbus to run, hal must be running.
Actually it is the other way round: when dbus is stopped, hald is stopped as well.
> > restart it with
> > /etc/init.d/hal restart
>
> The restart does not seem to work at all. When I try to start
> hal, it immediately prints this:
>
> # /etc/init.d/hal start
> Can't start Hardware abstraction layer - please ensure dbus is
> running failed!
>
> A subsequent # /etc/init.d/dbus start then says:
>
> Starting system message bus: dbusFailed to start message bus:
> Element <allow> not allowed inside <busconfig> in configuration
> file
>
> I don't understand that. I did already check that dbus is
> started.
>
> I have looked at the file /etc/dbus-1/system.conf. Unfortunately it
> contains a handful of <allow> sections. Would it be possible to
> restore the default configuration file? I have pasted my config
> below, please don't be alarmed.
>
For comparison, my system.config (lenny) follows:
-------------------------------------------
boss2:/var/lib/dbus# cat /etc/dbus-1/system.conf
<!-- This configuration file controls the systemwide message bus.
Add a system-local.conf and edit that rather than changing this
file directly. -->
<!-- Note that there are any number of ways you can hose yourself
security-wise by screwing up this file; in particular, you
probably don't want to listen on any more addresses, add any more
auth mechanisms, run as a different user, etc. -->
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration
1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- Our well-known bus type, do not change this -->
<type>system</type>
<!-- Run as special user -->
<user>messagebus</user>
<!-- Fork into daemon mode -->
<fork/>
<!-- We use system service launching using a helper -->
<standard_system_servicedirs/>
<!-- This is a setuid helper that is used to launch system services -->
<servicehelper>/usr/lib/dbus-1.0/dbus-daemon-launch-helper</servicehelper>
<!-- Write a pid file -->
<pidfile>/var/run/dbus/pid</pidfile>
<!-- Enable logging to syslog -->
<syslog/>
<!-- Only allow socket-credentials-based authentication -->
<auth>EXTERNAL</auth>
<!-- Only listen on a local socket. (abstract=/path/to/socket
means use abstract namespace, don't really create filesystem
file; only Linux supports this. Use path=/whatever on other
systems.) -->
<listen>unix:path=/var/run/dbus/system_bus_socket</listen>
<policy context="default">
<!-- Deny everything then punch holes -->
<deny send_interface="*"/>
<deny receive_interface="*"/>
<deny own="*"/>
<!-- But allow all users to connect -->
<allow user="*"/>
<!-- Allow anyone to talk to the message bus -->
<!-- FIXME I think currently these allow rules are always implicit
even if they aren't in here -->
<allow send_destination="org.freedesktop.DBus"/>
<allow receive_sender="org.freedesktop.DBus"/>
<!-- Allow all signals to be sent by default -->
<allow send_type="signal"/>
<!-- allow sending valid replies -->
<allow send_requested_reply="true" send_type="method_return"/>
<allow send_requested_reply="true" send_type="error"/>
<!-- allow receiving valid replies -->
<allow receive_requested_reply="true"/>
<!-- Note: the rule above also allows receiving of all non-reply messages
that are not denied later. See:
https://bugs.freedesktop.org/show_bug.cgi?id=18229
Potentially this will be replaced in the future by the
following two rules:
<allow receive_requested_reply="true" receive_type="method_return"/>
<allow receive_requested_reply="true" receive_type="error"/>
-->
</policy>
<!-- Config files are placed here that among other things, punch
holes in the above policy for specific services. -->
<includedir>system.d</includedir>
<!-- This is included last so local configuration can override what's
in this standard file -->
<include ignore_missing="yes">system-local.conf</include>
<include if_selinux_enabled="yes"
selinux_root_relative="yes">contexts/dbus_contexts</include>
</busconfig>
boss2:/var/lib/dbus#
---------------------------------------------
> Best regards
> Daniel
>
>
> Attachment:
> <!-- This configuration file controls the systemwide message bus.
> Add a system-local.conf and edit that rather than changing this
> file directly. -->
>
> <!-- Note that there are any number of ways you can hose yourself
> security-wise by screwing up this file; in particular, you
> probably don't want to listen on any more addresses, add any more
> auth mechanisms, run as a different user, etc. -->
>
> <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration
> 1.0//EN"
> "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
> <busconfig>
>
> <allow send_requested_reply="true" send_type="method_call"/>
I don't have this line in mine
>
>
> <!-- Our well-known bus type, do not change this -->
> <type>system</type>
>
> <!-- Run as special user -->
> <user>messagebus</user>
>
> <!-- Fork into daemon mode -->
> <fork/>
>
> <!-- We use system service launching using a helper -->
> <standard_system_servicedirs/>
>
> <!-- This is a setuid helper that is used to launch system services
> -->
>
> <servicehelper>/usr/lib/dbus-1.0/dbus-daemon-launch-helper</servicehelper>
>
> <!-- Write a pid file -->
> <pidfile>/var/run/dbus/pid</pidfile>
>
> <!-- Enable logging to syslog -->
> <syslog/>
>
> <!-- Only allow socket-credentials-based authentication -->
> <auth>EXTERNAL</auth>
>
> <!-- Only listen on a local socket. (abstract=/path/to/socket
> means use abstract namespace, don't really create filesystem
> file; only Linux supports this. Use path=/whatever on other
> systems.) -->
> <listen>unix:path=/var/run/dbus/system_bus_socket</listen>
>
> <policy context="default">
> <!-- Deny everything then punch holes -->
> <deny send_interface="*"/>
> <deny receive_interface="*"/>
> <deny own="*"/>
> <!-- But allow all users to connect -->
> <allow user="*"/>
> <!-- Allow anyone to talk to the message bus -->
> <!-- FIXME I think currently these allow rules are always implicit
> even if they aren't in here -->
> <allow send_destination="org.freedesktop.DBus"/>
> <allow receive_sender="org.freedesktop.DBus"/>
> <!-- Allow all signals to be sent by default -->
> <allow send_type="signal"/>
> <!-- allow sending valid replies -->
> <allow send_requested_reply="true" send_type="method_return"/>
> <allow send_requested_reply="true" send_type="error"/>
> <!-- allow receiving valid replies -->
> <allow receive_requested_reply="true"/>
> <!-- Note: the rule above also allows receiving of all non-reply
> messages
> that are not denied later. See:
> https://bugs.freedesktop.org/show_bug.cgi?id=18229
> Potentially this will be replaced in the future by the
> following two rules:
> <allow receive_requested_reply="true" receive_type="method_return"/>
> <allow receive_requested_reply="true" receive_type="error"/>
> -->
> </policy>
>
> <!-- Config files are placed here that among other things, punch
> holes in the above policy for specific services. -->
> <includedir>system.d</includedir>
>
> <!-- This is included last so local configuration can override what's
> in this standard file -->
> <include ignore_missing="yes">system-local.conf</include>
>
> <include if_selinux_enabled="yes"
> selinux_root_relative="yes">contexts/dbus_contexts</include>
>
> </busconfig>
Regards, Gerhard
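
The error quoted above ("Element <allow> not allowed inside <busconfig>") comes from a rule placed directly under <busconfig> instead of inside a <policy> block. The following check is an added example, not part of the original mail or of D-Bus itself; the function name and the shortened sample config are constructed for illustration. It reports every <allow>/<deny> element whose parent is not <policy>, with its line number, and ignores rules that only appear inside XML comments.

```python
import xml.parsers.expat

# Rule elements that, per the error message in this thread, must not sit
# directly under <busconfig>; they belong inside a <policy> block.
RULE_ELEMENTS = {"allow", "deny"}


def misplaced_rules(config_text):
    """Return (line, element, parent, attrs) for each rule outside <policy>."""
    findings = []
    stack = []  # names of the elements that are currently open
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        parent = stack[-1] if stack else None
        if name in RULE_ELEMENTS and parent != "policy":
            findings.append((parser.CurrentLineNumber, name, parent, dict(attrs)))
        stack.append(name)

    def end(name):
        stack.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(config_text, True)  # raises ExpatError on malformed XML
    return findings


# Constructed sample, shortened from the attachment in the quoted mail.
MISPLACED_LINE = '  <allow send_requested_reply="true" send_type="method_call"/>\n'
SAMPLE_BROKEN = (
    "<busconfig>\n"
    + MISPLACED_LINE
    + "  <type>system</type>\n"
    '  <policy context="default">\n'
    '    <deny own="*"/>\n'
    '    <allow user="*"/>\n'
    '    <!-- <allow receive_requested_reply="true" receive_type="error"/> -->\n'
    "  </policy>\n"
    "</busconfig>\n"
)
# Same config with the stray line removed, as in the lenny default shown above.
SAMPLE_FIXED = SAMPLE_BROKEN.replace(MISPLACED_LINE, "")

if __name__ == "__main__":
    for line, name, parent, attrs in misplaced_rules(SAMPLE_BROKEN):
        print(f"line {line}: <{name}> directly inside <{parent}>: {attrs}")
```

Running the same function over the real /etc/dbus-1/system.conf before restarting dbus shows whether any rule still sits outside a <policy> block.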