Starting the kdbus discussions

Lennart Poettering mzqohf at 0pointer.de
Fri Jan 3 15:31:52 PST 2014


On Fri, 03.01.14 14:12, John Johansen (john.johansen at canonical.com) wrote:

> >> I'm not sure I understand the suggestion to use Policykit. When confining an
> >> application, you want to block all access to the objects available on the
> >> session bus, and, depending on the rights you want to grant to the specific
> >> application, selectively allow certain paths, interfaces, method names. Using
> >> Policykit for this would mean every single application that offered methods on
> >> the session bus would need to integrate with policykit and perform its own
> >> access control. I'm not even sure how you would do that if you have multiple
> >> untrusted applications running.
> > 
> > Well, it's generally not applications talking to other
> > applications. It's mostly applications talking to desktop services. And
> Except when you start allowing applications to advertise or replace services,
> this is done all the time in Android.

Ahm, no. In Android this is done via "intents". Apps never talk directly
to each other on Android, they can just register handlers for intents
and some system component then arbitrates between them, without them
knowing much about each other. The intents stuff is an interactive way
to transition between two security domains. It's a great idea actually.

This is what we are trying to make work for the general Linux landscape
under the "Portals" name, as discussed at last GUADEC.

(Instead of doing your own proprietary Canonical thing regarding
sandboxing it might actually be worth talking to people in the Linux
world about these things, then you'd know things like this).

Lennart

-- 
Lennart Poettering, Red Hat

