forked from Kistler-Group/sdbus-cpp
docs: add more info on D-Bus security policy file
This commit is contained in:
Stanislav Angelovic
committed by
Stanislav Angelovič
Stanislav Angelovič
parent
5e933c3f17
commit
2a4c241303
@ -1,4 +1,4 @@
|
|||||||
Systemd and dbus configuration
|
Systemd and D-Bus configuration
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
**Table of contents**
|
**Table of contents**
|
||||||
@ -10,15 +10,13 @@ Systemd and dbus configuration
|
|||||||
Introduction
|
Introduction
|
||||||
------------
|
------------
|
||||||
|
|
||||||
To run executable as a systemd service you may need some additional setup. For example, you may need explicitly allow
|
To run executable as a systemd service you may need some additional setup. For example, you may need explicitly allow the usage of your service. Following chapters contain template configurations.
|
||||||
the usage of your service. Following chapters contain template configurations.
|
|
||||||
|
|
||||||
|
|
||||||
Systemd configuration
|
Systemd configuration
|
||||||
---------------------------------------
|
---------------------------------------
|
||||||
|
|
||||||
Filename should use `.service` extension. It also must be placed in configuration directory (/etc/systemd/system in
|
Filename should use `.service` extension. It also must be placed in configuration directory (/etc/systemd/system in Ubuntu 18.04.1 LTS)
|
||||||
Ubuntu 18.04.1 LTS)
|
|
||||||
|
|
||||||
```
|
```
|
||||||
[Unit]
|
[Unit]
|
||||||
@ -31,12 +29,10 @@ ExecStart=/path/to/executable
|
|||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
```
|
```
|
||||||
|
|
||||||
Dbus configuration
|
D-Bus configuration
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
Typical default D-Bus configuration does not allow to register services except explicitly allowed. Filename should
|
Typical default D-Bus configuration does not allow to register services except explicitly allowed. To allow a service to register its D-Bus API, we must place an appropriate conf file in `/etc/dbus-1/system.d/` directory. The conf file name must be `<service-name>.conf`. I.e., full file path for Concatenator example from sdbus-c++ tutorial would be `/etc/dbus-1/system.d/org.sdbuscpp.concatenator.conf`. And here is template configuration to use its D-Bus interface under root:
|
||||||
contain name of your service, e.g `/etc/dbus-1/system.d/org.sdbuscpp.concatenator.conf`. So, here is template
|
|
||||||
configuration to use dbus interface under root:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
<!DOCTYPE busconfig PUBLIC
|
<!DOCTYPE busconfig PUBLIC
|
||||||
@ -51,4 +47,4 @@ configuration to use dbus interface under root:
|
|||||||
</busconfig>
|
</busconfig>
|
||||||
```
|
```
|
||||||
|
|
||||||
If you need access from other user `root` should be substituted by desired username. For more refer to `man dbus-daemon`.
|
If you need access from other user then `root` should be substituted by desired username. Or you can simply use policy `<policy context="default">` like [conf file](/tests/integrationtests/files/org.sdbuscpp.integrationtests.conf) for sdbus-c++ integration tests is doing it. For more information refer to `man dbus-daemon`.
|
||||||
|
|||||||
@ -225,7 +225,7 @@ Let's have an object `/org/sdbuscpp/concatenator` that implements the `org.sdbus
|
|||||||
|
|
||||||
In the following sections, we will elaborate on the ways of implementing such an object on both the server and the client side.
|
In the following sections, we will elaborate on the ways of implementing such an object on both the server and the client side.
|
||||||
|
|
||||||
> **_Note_:** In order to be able to call methods of your system bus-based D-Bus service, a D-Bus security policy file has to be put in place for that service. See [dbus-daemon documentation](https://dbus.freedesktop.org/doc/dbus-daemon.1.html), sections *INTEGRATING SYSTEM SERVICES* and *CONFIGURATION FILE*. As an example, you may look at the [policy file for sdbus-c++ integration tests](/tests/integrationtests/files/org.sdbuscpp.integrationtests.conf).
|
> **Before running Concatenator example in your system:** In order for your service to be allowed to provide a D-Bus API on system bus, a D-Bus security policy file has to be put in place for that service. Otherwise the service will fail to start (you'll get `[org.freedesktop.DBus.Error.AccessDenied] Failed to request bus name (Permission denied)`, for example). To make the Concatenator example work in your system, [look in this section of systemd configuration](systemd-dbus-config.md#dbus-configuration) for how to name the file, where to place it, how to populate it. For further information, consult [dbus-daemon documentation](https://dbus.freedesktop.org/doc/dbus-daemon.1.html), sections *INTEGRATING SYSTEM SERVICES* and *CONFIGURATION FILE*. As an example used for sdbus-c++ integration tests, you may look at the [policy file for sdbus-c++ integration tests](/tests/integrationtests/files/org.sdbuscpp.integrationtests.conf).
|
||||||
|
|
||||||
Implementing the Concatenator example using basic sdbus-c++ API layer
|
Implementing the Concatenator example using basic sdbus-c++ API layer
|
||||||
---------------------------------------------------------------------
|
---------------------------------------------------------------------
|
||||||
|
|||||||
Reference in New Issue
Block a user