[systemd-devel] [PATCH] policy: clean up headers and code documentation

Daniel Mack daniel at zonque.org
Sat Jun 7 09:58:50 PDT 2014


Hi Djalal,

On 06/07/2014 06:47 PM, Djalal Harouni wrote:
> I'm sending this to have some updates on the policy!
> 
> I did notice some issues and others still *to confirm*, so first I'm
> writing some policy tests to make sure we don't break. I'll clean what
> I have and get back to you.

Sure, thanks for having a look. Note that the endpoint policy is
currently not well tested, as we lack support for custom endpoints in
userland. This will change soon, and it might be that kernel-side corner
cases went unnoticed.

> For the moment can you please confirm:
> 
> 1) I assume the policy.c on the master branch is the correct one to
> work on?

Yes.

> 2) So buses and custom endpoints can have their own policy db.
> From reading the sources, I assume:
> 
> * The two *share* the same internal format!

Not only that, they also kind of share the same external interface. And
internally, they're exactly the same thing, yes. They are talked to
through different ioctls though, but the layout of items is the same,
and the code is written so that we can share as much as possible for
both APIs.

> * The two are unrelated, and the endpoint policy takes precedence over
>   the bus policy when doing the talk check!

Well, there is no such thing as precedence really, they are simply checked
both. For example, when sending a message, both the endpoint and the bus
policy have to give TALK permission for the connections involved,
otherwise the message is rejected.

But as I said, some of that code has not been in production yet, so
there might be minor updates in that area.


Thanks,
Daniel
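
The both-must-grant TALK check described in the message above, as an added example that is not part of the original e-mail and not the project's code. The struct layout, function names and sample rules are hypothetical, and the model assumes a database grants TALK only when it holds a matching entry for the sender's uid and the destination name.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical entry layout, used for BOTH the bus and the endpoint database. */
struct policy_entry {
    const char *name;   /* well-known name the rule applies to */
    uid_t uid;          /* user allowed to TALK to that name */
};

struct policy_db {
    const struct policy_entry *entries;
    size_t n_entries;
};

/* One lookup routine serves both databases because the item format is shared.
 * Assumption: a database grants TALK only when it holds a matching entry. */
static bool db_grants_talk(const struct policy_db *db, uid_t uid, const char *name)
{
    for (size_t i = 0; i < db->n_entries; i++)
        if (db->entries[i].uid == uid && strcmp(db->entries[i].name, name) == 0)
            return true;
    return false;
}

/* No precedence: the message passes only if both databases grant TALK. */
static bool talk_allowed(const struct policy_db *bus, const struct policy_db *ep,
                         uid_t sender_uid, const char *dest_name)
{
    return db_grants_talk(bus, sender_uid, dest_name) &&
           db_grants_talk(ep, sender_uid, dest_name);
}

/* Constructed sample rules, not taken from any real bus. */
static const struct policy_entry bus_rules[] = {
    { "org.example.Logger", 1000 },
    { "org.example.Backup", 1000 },   /* not granted on the endpoint */
};
static const struct policy_entry ep_rules[] = {
    { "org.example.Logger", 1000 },
    { "org.example.Admin",  1000 },   /* not granted on the bus */
};
static const struct policy_db bus_db = { bus_rules, 2 };
static const struct policy_db ep_db  = { ep_rules, 2 };
```

With these rules an endpoint entry cannot widen what the bus policy permits, and a bus entry cannot widen what the endpoint permits: only `org.example.Logger` is reachable for uid 1000.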


