diff options
Diffstat (limited to 'bus/dbus-daemon.1.in')
-rw-r--r-- | bus/dbus-daemon.1.in | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/bus/dbus-daemon.1.in b/bus/dbus-daemon.1.in index 902ff37..5144bc1 100644 --- a/bus/dbus-daemon.1.in +++ b/bus/dbus-daemon.1.in @@ -295,16 +295,22 @@ by max_message_size. .PP max_completed_connections divided by max_connections_per_user is the -number of users that can work together to DOS all other users by using -up all connections. +number of users that can work together to denial-of-service all other users by using +up all connections on the systemwide bus. + +.PP +Limits are normally only of interest on the systemwide bus, not the user session +buses. .TP .I "<policy>" .PP -The <policy> element defines a policy to be applied to a particular +The <policy> element defines a security policy to be applied to a particular set of connections to the bus. A policy is made up of -<allow> and <deny> elements. +<allow> and <deny> elements. Policies are normally used with the systemwide bus; +they are analogous to a firewall in that they allow expected traffic +and prevent unexpected traffic. .PP The <policy> element has one of three attributes: @@ -559,11 +565,13 @@ probably add a way to set the default connection context. Second, any time a connection asks to own a name, the bus daemon will check permissions with the security context of the connection as source, the security context specified -for the name with an <associate> element as target, object +for the name in the config file as target, object class "dbus" and requested permission "acquire_svc". .PP -If the name has no security context associated in the +The security context for a bus name is specified with the +<associate> element described earlier in this document. +If a name has no security context associated in the configuration file, the security context of the bus daemon itself will be used. |