From Fedora Project Wiki

< Features

Revision as of 15:00, 26 February 2009 by Walters (talk | contribs) (New page: = DBus Policy = == Summary == Due to a security issue, the DBus system bus policy has changed, and many applications were incorrect...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

DBus Policy


Due to a [security issue], the DBus system bus policy has changed, and many applications were incorrect.


  • Name: Colin Walters <>

Current status

  • Targeted release: Fedora 11
  • Last updated: 2009-02-26
  • Percentage of completion: 90%

Detailed Description

Essentially the system bus policy was unintentionally wide open, and a number of applications relied on this and shipped incorrect or incomplete policy files in /etc/dbus-1/system.d.

There's more information in [this mail], as well as [this mail].

Known issues have been added to [this upstream tracker bug].

There is logging of denials to /var/log/messages.

Benefit to Fedora

Fixes an important line of defense in the core OS security.


Any package which ships a file in /etc/dbus-1/system.d may be affected.

Test Plan

  • Desktop: Test NetworkManager and HAL+device mounting.

Shouldn't be any denials in /var/log/messages

User Experience

No user visible experience.



Contingency Plan

We could continue to be in "permissive" mode for another release, but I'd really like not to do that.


See the detailed description for information.

Release Notes

Comments and Discussion

Can be discussed on the fedora-devel list or the [upstream list].