rpm-ostree/src/daemon/org.projectatomic.rpmostree1.conf

<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->

<!DOCTYPE busconfig PUBLIC
  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- Only root can own the service -->
  <policy user="root">
    <allow own="org.projectatomic.rpmostree1"/>
    <allow send_destination="org.projectatomic.rpmostree1"/>
  </policy>

  <!-- Allow anyone to call into the service - we'll reject callers using PolicyKit -->
  <policy context="default">
    <deny send_destination="org.projectatomic.rpmostree1"/>

    <allow send_destination="org.projectatomic.rpmostree1"
           send_interface="org.freedesktop.DBus.Introspectable"/>

    <allow send_destination="org.projectatomic.rpmostree1"
           send_interface="org.freedesktop.DBus.ObjectManager"/>

    <allow send_destination="org.projectatomic.rpmostree1"
           send_interface="org.freedesktop.DBus.Peer"/>

    <allow send_destination="org.projectatomic.rpmostree1"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="Get"/>

    <allow send_destination="org.projectatomic.rpmostree1"
           send_interface="org.freedesktop.DBus.Properties"
           send_member="GetAll"/>

    <allow send_destination="org.projectatomic.rpmostree1"
           send_interface="org.projectatomic.rpmostree1.OS"/>

    <allow send_destination="org.projectatomic.rpmostree1"
           send_interface="org.projectatomic.rpmostree1.Sysroot"/>
  </policy>
</busconfig>