How to disable/make config more permissive for debugging purposes

[pontaoski]

I'm trying to debug a PolicyKit agent I'm writing from scratch, and am running into issues with DBus communications, but I'm unable to use tools like d-spy (even as root) due to dbus policies preventing this like so:

Okt 14 00:32:37 fedora dbus-broker[1243]: A security policy denied :1.1938 to send method call /:org.freedesktop.DBus.Introspectable.Introspect to :1.1941.

From what I can tell, the standard DBus policy language requires a stable service name instead of the ones like :1.1941 and isn't able to just allow everything, so I'm unable to configure a more permissive policy to allow me to debug what's going on.

[dvdhrm]

Two simple options:

1. Run on the user-bus, rather than the system-bus. The user-bus has an open-for-all policy by default.
2. If you run on the system bus, you can install a policy that just allows any message transfer possible.

As a policy, you can use something like this:

        <policy context="default">
                <allow send_destination="*" />
        </policy>

Note that other policies from /usr/share/dbus-1/system.d/ are read in effectively random order. So if those policies block specific methods, you must ensure your policy is loaded after them (...).

We definitely should fix the reference-implementation and dbus-broker to load those files in sorted order, though.

[dvdhrm]

Closing due to inactivity. Please re-open if this is still an issue.

(Note that dbus-broker now loads files in alphabetical order, so the mentioned issue should no longer exist.)