Comment # 14 on bug 1202059 from Imobach Gonzalez Sosa

(In reply to Matthias Gerstner from comment #13)

> The point I wanted to make is that regardless with user the client runs
> as, by having access to the installer D-Bus service it can do more or less
> what it wants on the system (like installing Linux on any block device,
> setting up passwords etc.). Right?

Yes.

> I would suggest that you use the D-Bus configuration to only allow a
> dedicated
> user to communicate with the service (maybe in the beginning root, later
> maybe
> some other user account). When you come up with that new config file I can
> whitelist the stuff.

OK, it makes sense. We are restricting the access to the root user only by now
(see https://github.com/yast/d-installer/pull/267). 

[..]

> After starting the service it works, but the service should also *autostart*
> due to the configuration files in the package. That is where the error above
> is coming from, the autostarting somehow failed.
> 
> Autostarting the installer maybe isn't the best idea anyway, it should always
> be explicitly started. But then you shouldn't ship an autostart config.

That's true. The service name was wrong, but I agree that it does not make much
sense. So in the same PR (https://github.com/yast/d-installer/pull/267) I am
dropping the D-Bus service file.

Thanks!