mcdbus/docs/examples/mcdbus.service
Ryan Malloy 5fa1eb36ef Hamilton remediation: validation, ToolError, elicitation, permission docs
Three-pillar fix from Hamilton review:

Code quality — validate_signature() for D-Bus spec compliance,
MCDBUS_TIMEOUT env var, replace 13 error-as-success returns with
ToolError, monotonic clock deadline on tree walks, sanitize D-Bus
error messages, fix resource connection leak via module-level
BusManager, hasattr guards in conftest.

Elicitation — ctx.elicit() confirmation for system bus call_method
and all set_property calls, graceful degradation when client lacks
elicitation support, MCDBUS_REQUIRE_ELICITATION for hard-fail mode.

Permission docs — four-layer guide (systemd sandboxing, dbus-broker
policy, polkit rules, xdg-dbus-proxy) with ready-to-deploy example
configs validated against xmllint, bash -n, and systemd-analyze.
2026-03-06 11:54:31 -07:00

77 lines, 1.5 KiB

[Unit]
Description=mcdbus D-Bus MCP server
Documentation=https://github.com/supported-systems/mcdbus
After=dbus.service

[Service]
Type=simple
ExecStart=/usr/bin/env mcdbus
# --- Identity ---
# Ephemeral user, no persistent UID, no home directory.
# DynamicUser= is honoured only by the system service manager, so this
# unit belongs under /etc/systemd/system. A per-user unit (systemctl
# --user) must drop this line and then runs as the invoking user.
# If you need supplementary groups (e.g. for polkit rules), switch
# to User=mcdbus with a real system account instead.
DynamicUser=yes
# --- Filesystem ---
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectHostname=yes
ProtectClock=yes
ProtectProc=invisible
ProcSubset=pid
# Empty assignment resets the list, so with ProtectSystem=strict nothing
# on disk is writable. If the server ever needs persistent state, grant
# it with StateDirectory= rather than reopening paths here.
ReadWritePaths=
# --- Network ---
# D-Bus uses AF_UNIX only. Block every other socket family.
RestrictAddressFamilies=AF_UNIX
# Kept at no on purpose: abstract AF_UNIX sockets, which some session-bus
# setups use, are scoped to the network namespace and would become
# unreachable. The system bus socket is a filesystem path and would
# still work under PrivateNetwork=yes.
PrivateNetwork=no
# --- Capabilities ---
# Empty = drop all capabilities.
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes
# --- Syscalls ---
# @system-service is the recommended allow-list for daemons; it leaves
# out @privileged, @mount, @reboot and similar groups. Filtered calls
# return EPERM instead of killing the process with SIGSYS, so a tool
# that hits the filter shows up as an EPERM error in the journal.
SystemCallFilter=@system-service
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
# --- Memory ---
# Caveat: JIT runtimes and libffi-backed modules (Python's ctypes, for
# example) can need writable+executable mappings. If the service dies
# with SIGSEGV at startup, this is the first setting to test with =no.
MemoryDenyWriteExecute=yes
LockPersonality=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
RemoveIPC=yes
# --- Namespaces ---
RestrictNamespaces=yes
# --- Environment ---
Environment=MCDBUS_TIMEOUT=30
# Uncomment to require user confirmation for system bus calls:
# Environment=MCDBUS_REQUIRE_ELICITATION=1
# --- Logging ---
StandardOutput=journal
StandardError=journal
SyslogIdentifier=mcdbus
# --- Resource limits ---
MemoryMax=256M
TasksMax=64
# --- Restart ---
Restart=on-failure
RestartSec=5

[Install]
# In the system manager default.target resolves to multi-user.target or
# graphical.target. Enable with: systemctl enable --now mcdbus.service
WantedBy=default.target
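The settings above only protect you while they stay intact; the usual way they erode is a drop-in under `/etc/systemd/system/mcdbus.service.d/` that "just" adds a writable path or a capability, and because list-valued settings merge, the drop-in silently widens the baseline. The following is an added example in Python, not code from the mcdbus project: a small parser that models systemd's merge-and-reset rules for list-valued keys, plus an audit of the invariants this unit relies on. The hardened sample and the drop-in are constructed for the example. On a real host, feed it the output of `systemctl cat mcdbus.service` (drop-ins are printed after the base unit) and treat `systemd-analyze security mcdbus.service` as the authoritative check.

```python
"""Audit a systemd unit for the sandboxing invariants of mcdbus.service.

Added example, not part of the mcdbus project. Two parsing rules matter for
a review: a list-valued key given twice merges, and an empty assignment
(``CapabilityBoundingSet=``) resets it. The sample units are constructed.
"""
from __future__ import annotations

# List-valued settings: repeated assignments merge, an empty value resets.
LIST_KEYS = {
    "CapabilityBoundingSet", "AmbientCapabilities", "ReadWritePaths",
    "RestrictAddressFamilies", "SystemCallFilter", "Environment",
}

# Boolean hardening switches the baseline sets to yes.
MUST_BE_YES = (
    "NoNewPrivileges", "ProtectHome", "PrivateTmp", "ProtectKernelModules",
    "RestrictNamespaces", "MemoryDenyWriteExecute",
)


def parse_unit(text: str) -> dict[str, dict[str, list[str]]]:
    """Parse unit-file syntax into {section: {key: [values]}}."""
    unit: dict[str, dict[str, list[str]]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = unit.setdefault(line[1:-1], {})  # reopening merges
            continue
        if section is None or "=" not in line:
            raise ValueError(f"malformed unit line: {raw!r}")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        values = section.setdefault(key, [])
        if key not in LIST_KEYS:
            values[:] = [value]           # scalar: last assignment wins
        elif value == "":
            values.clear()                # empty assignment resets the list
        else:
            values.extend(value.split())  # repeated assignment merges
    return unit


def audit(unit: dict[str, dict[str, list[str]]]) -> list[str]:
    """Return findings about weakened sandboxing; empty means no drift."""
    svc = unit.get("Service", {})

    def scalar(key: str) -> str:
        return svc[key][-1] if svc.get(key) else ""

    findings: list[str] = []
    if scalar("DynamicUser") != "yes" and not scalar("User"):
        findings.append("runs as root: set DynamicUser=yes or User=")
    if scalar("ProtectSystem") != "strict":
        findings.append("ProtectSystem is not strict")
    for key in MUST_BE_YES:
        if scalar(key) != "yes":
            findings.append(f"{key} is not yes")
    for key in ("CapabilityBoundingSet", "AmbientCapabilities"):
        if svc.get(key):  # note: "~CAP_X" means every capability except X
            findings.append(f"{key} retains {' '.join(svc[key])}")
    if svc.get("ReadWritePaths"):
        findings.append(f"writable paths: {' '.join(svc['ReadWritePaths'])}")
    families = " ".join(sorted(set(svc.get("RestrictAddressFamilies", []))))
    if families != "AF_UNIX":
        findings.append(f"address families: {families or 'unrestricted'}")
    sysfilter = svc.get("SystemCallFilter", [])
    if "@system-service" not in sysfilter or "@privileged" in sysfilter:
        findings.append(f"SystemCallFilter is {' '.join(sysfilter) or 'unset'}")
    return findings


# Constructed sample: the hardened baseline, trimmed to the audited keys.
HARDENED = """
[Service]
DynamicUser=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ProtectKernelModules=yes
ReadWritePaths=
RestrictAddressFamilies=AF_UNIX
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes
SystemCallFilter=@system-service
MemoryDenyWriteExecute=yes
RestrictNamespaces=yes
"""

# Constructed sample: a drop-in that "just" grants what one tool needed.
DROP_IN = """
[Service]
CapabilityBoundingSet=CAP_NET_ADMIN
ReadWritePaths=/var/lib/mcdbus
RestrictAddressFamilies=AF_INET
"""
```

Because drop-ins are concatenated after the base unit, `audit(parse_unit(HARDENED + DROP_IN))` reports the retained capability, the writable path and the widened address-family set, while a drop-in that ends with an empty `CapabilityBoundingSet=` audits clean, which is exactly the reset behaviour that makes `ReadWritePaths=` and `CapabilityBoundingSet=` in the unit above meaningful. The checker does not interpret the `~` negation prefix beyond flagging it, and it knows nothing about what systemd will actually enforce on a given kernel; that is what `systemd-analyze security` is for.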