Loadable security modules for D-Bus

Jamie Strandboge jamie at canonical.com
Tue Jan 10 00:00:22 PST 2012 

On Tue, 2012-01-10 at 01:10 +0100, Lennart Poettering wrote:
> On Mon, 09.01.12 17:33, John Johansen (john.johansen at canonical.com) wrote:
> 
> > >> So, yeah, not sure if I have the power to NACK this, but if I do this
> > >> gets a 1st rate NACK from me.
> > > 
> > > I agree with Lennart and with Felipe's last paragraph: we definitely don't need 
> > > dynamic loading. There is not going to be any distribution where the security 
> > > mechanism isn't known at compile time.
> > > 
> > Well both ubuntu and suse support multiple security mechanism and would likely
> > want to build support for multiple mechanisms in, having the correct mechanism
> > selected when dbus is started via a config, or the security system's init code
> > detecting which mechanism is in use.
> 
> Well, I don't know this for sure since I don't work for Suse, but afaik Suse
> more or less gave up on AppArmor, and nobody is actively maintaining it.
> 
This is patently false. Suse still uses AppArmor and AppArmor's
maintenance has largely been taken up by Canonical, with help from
others. It is now in the upstream kernel and is working its way into
Debian as well. AppArmor is active, maintained, in the upstream kernel
and in use by various distributions.

> I think most distro folks (besides Ubuntu) figured out by now that
> AppArmor is more on the crackish sides of things...
> 
> I mean, if it was for me and me alone we wouldn't bother with AppArmor
> support in D-Bus at all. But I guess we need to be fair to the Ubuntu
> folks, hence we probably need to accept patches for AppArmor.
> 
I'm not sure what this comment is supposed to achieve. Honestly the
SElinux vs AppArmor vs any non-SElinux lsm debate is quite tiresome and
doesn't really have a place in this context IMHO. Like others have said,
regardless of personal or technical preference, there are other LSMs out
there besides SElinux, and it would be great to have DBus support for
them in some form.

Also, some distributions want to provide a choice of LSMs since users
have different requirements. For example, while AppArmor is the default
in Ubuntu, we also have SElinux and Tomoyo available to our users. Suse
defaults to AppArmor, but also has a choice of SElinux. Debian uses
SElinux, but offers a choice of other LSMs (though the kernel work is
not yet complete AFAIK). Certainly others (may want to) do the same so
it would be nice for DBus to support this in a secure, reliable manner--
whether it is dynamically loaded modules or some other mechanism.

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20120110/2ede3ddc/attachment-0001.pgp>

More information about the dbus mailing list