...

# nothing can be done by default deny all

# allow stubdoms to talk to surfman,xenmgr,dbus
allow stubdom true destination destination com.citrix.xenclient.surfman
allow stubdom true destination com.citrix.xenclient.xenmgr
allow stubdom true destination org.freedesktop.DBus interface org.freedesktop.DBus

# allow guests to call 'gather' on diagnostics interface (required by xc-diag)
allow destination destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.diag member gather

# allow anybody to do some vm queries required for switcher bar
allow destination destination com.citrix.xenclient.xenmgr interface org.freedesktop.DBus.Properties member Get
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr member list_vms
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.vm member get_db_key
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.vm member read_icon
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.vm member switch
allow destination com.citrix.xenclient.input interface com.citrix.xenclient.input member get_focus_domid
allow destination com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr member find_vm_by_domid

# allow guest to do some requests allow destination 
com.citrix.xenclient.xenmgr interface com.citrix.xenclient.xenmgr.guestreq member request_attention

# allow conditional domstore (private db space) access 
allow destination destination com.citrix.xenclient.db interface com.citrix.xenclient.db member read if-boolean domstore-read-access true
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member read_binary if-boolean domstore-read-access true
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member list if-boolean domstore-read-access true
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member exists if-boolean domstore-read-access true

#
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member write if-boolean domstore-write-access true
allow destination com.citrix.xenclient.db interface com.citrix.xenclient.db member rm if-boolean domstore-write-access true

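Review bot: The stubdom rule `allow stubdom true destination org.freedesktop.DBus interface org.freedesktop.DBus` is the only rule in this block with no `member` clause, so as written it grants stubdoms every method on the bus daemon's own interface rather than the specific calls they need; if the policy grammar allows it, narrow it with one `member` rule per method stubdoms actually invoke and add a comment naming them, since the surrounding comment only says "talk to ... dbus". The `request_attention` rule is rendered as `# allow guest to do some requests allow destination` followed by the rest of the rule on the next line; if that line break is absent in the stored file rather than only in this compare view, the whole guestreq rule sits inside the comment and is never applied, so the file itself should be checked. The doubled `destination destination` on the surfman, gather, Properties `Get` and domstore `read` rules looks like the compare view printing a changed token twice, but it is worth confirming the file does not contain the literal duplication, which a strict parser could reject or misread. For the `org.freedesktop.DBus.Properties member Get` rule, the comment should state which xenmgr properties the switcher bar needs, as the rule as written appears to expose every property on that destination to any caller; the code block may continue past this excerpt.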
...