add deny clause in hostnamed sysbus policy

add a <deny> statement to prevent regular users from invoking any
methods on hostname1's interface, which all set details only root
should be able to set

diff --git a/conf/sysbus-policy/hostnamed-dbus.conf b/conf/sysbus-policy/hostnamed-dbus.conf
index ea11b9d2b3e1490c9a0fa1f4d450306e72d7ec87..9c4fa4101f6d7d56c98244f1a6f302cd82450069 100644 (file)
--- a/conf/sysbus-policy/hostnamed-dbus.conf
+++ b/conf/sysbus-policy/hostnamed-dbus.conf
@@ -10,5 +10,9 @@
         <policy context="default">
                 <allow send_destination="org.freedesktop.hostname1"/>
                 <allow receive_sender="org.freedesktop.hostname1"/>
+
+                <deny send_destination="org.freedesktop.hostname1"
+                      send_interface="org.freedesktop.hostname1"
+                      send_type="method_call"/>
         </policy>
 </busconfig>