From 2a4c2413030db683cca9a22a55c8528d4107438d Mon Sep 17 00:00:00 2001 From: Stanislav Angelovic Date: Tue, 7 Jun 2022 07:59:04 +0200 Subject: [PATCH] docs: add more info on D-Bus security policy file --- docs/systemd-dbus-config.md | 16 ++++++---------- docs/using-sdbus-c++.md | 2 +- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/docs/systemd-dbus-config.md b/docs/systemd-dbus-config.md index b32a632..b95de84 100644 --- a/docs/systemd-dbus-config.md +++ b/docs/systemd-dbus-config.md @@ -1,4 +1,4 @@ -Systemd and dbus configuration +Systemd and D-Bus configuration ======================= **Table of contents** @@ -10,15 +10,13 @@ Systemd and dbus configuration Introduction ------------ -To run executable as a systemd service you may need some additional setup. For example, you may need explicitly allow -the usage of your service. Following chapters contain template configurations. +To run executable as a systemd service you may need some additional setup. For example, you may need explicitly allow the usage of your service. Following chapters contain template configurations. Systemd configuration --------------------------------------- -Filename should use `.service` extension. It also must be placed in configuration directory (/etc/systemd/system in -Ubuntu 18.04.1 LTS) +Filename should use `.service` extension. It also must be placed in configuration directory (/etc/systemd/system in Ubuntu 18.04.1 LTS) ``` [Unit] @@ -31,12 +29,10 @@ ExecStart=/path/to/executable WantedBy=multi-user.target ``` -Dbus configuration +D-Bus configuration ------------------ -Typical default D-Bus configuration does not allow to register services except explicitly allowed. Filename should -contain name of your service, e.g `/etc/dbus-1/system.d/org.sdbuscpp.concatenator.conf`. So, here is template -configuration to use dbus interface under root: +Typical default D-Bus configuration does not allow to register services except explicitly allowed. To allow a service to register its D-Bus API, we must place an appropriate conf file in `/etc/dbus-1/system.d/` directory. The conf file name must be `.conf`. I.e., full file path for Concatenator example from sdbus-c++ tutorial would be `/etc/dbus-1/system.d/org.sdbuscpp.concatenator.conf`. And here is template configuration to use its D-Bus interface under root: ``` ``` -If you need access from other user `root` should be substituted by desired username. For more refer to `man dbus-daemon`. \ No newline at end of file +If you need access from other user then `root` should be substituted by desired username. Or you can simply use policy `` like [conf file](/tests/integrationtests/files/org.sdbuscpp.integrationtests.conf) for sdbus-c++ integration tests is doing it. For more information refer to `man dbus-daemon`. diff --git a/docs/using-sdbus-c++.md b/docs/using-sdbus-c++.md index fb6b0a1..adf083c 100644 --- a/docs/using-sdbus-c++.md +++ b/docs/using-sdbus-c++.md @@ -225,7 +225,7 @@ Let's have an object `/org/sdbuscpp/concatenator` that implements the `org.sdbus In the following sections, we will elaborate on the ways of implementing such an object on both the server and the client side. -> **_Note_:** In order to be able to call methods of your system bus-based D-Bus service, a D-Bus security policy file has to be put in place for that service. See [dbus-daemon documentation](https://dbus.freedesktop.org/doc/dbus-daemon.1.html), sections *INTEGRATING SYSTEM SERVICES* and *CONFIGURATION FILE*. As an example, you may look at the [policy file for sdbus-c++ integration tests](/tests/integrationtests/files/org.sdbuscpp.integrationtests.conf). +> **Before running Concatenator example in your system:** In order for your service to be allowed to provide a D-Bus API on system bus, a D-Bus security policy file has to be put in place for that service. Otherwise the service will fail to start (you'll get `[org.freedesktop.DBus.Error.AccessDenied] Failed to request bus name (Permission denied)`, for example). To make the Concatenator example work in your system, [look in this section of systemd configuration](systemd-dbus-config.md#dbus-configuration) for how to name the file, where to place it, how to populate it. For further information, consult [dbus-daemon documentation](https://dbus.freedesktop.org/doc/dbus-daemon.1.html), sections *INTEGRATING SYSTEM SERVICES* and *CONFIGURATION FILE*. As an example used for sdbus-c++ integration tests, you may look at the [policy file for sdbus-c++ integration tests](/tests/integrationtests/files/org.sdbuscpp.integrationtests.conf). Implementing the Concatenator example using basic sdbus-c++ API layer ---------------------------------------------------------------------