SE-DBUS updates

Matthew Rickard mjricka at epoch.ncsc.mil
Mon Jul 26 05:42:50 PDT 2004


On Sat, 2004-07-24 at 19:36, Havoc Pennington wrote:
> Cool stuff, thanks. I've hacked on the patch for a few hours now, mostly
> rearranging things to match D-BUS naming schemes and other conventions.

Great, thanks for fixing things up.

> 
> I don't seem to have the DBUS__ACQUIRE_SVC etc. macros, I changed
> configure.in to look for these, I guess they are probably in rawhide.
> Anyhow, this means I haven't compiled this patch and chances are 99% it
> doesn't compile.

Yeah, the new D-BUS class and permissions should be in the rawhide
libselinux.

> In short, the two options are to put the service to sid mapping in
> BusPolicy or in BusClientPolicy. (If in BusClientPolicy, BusPolicy still
> holds the whole set of service-sid pairs that _may_ apply to each
> client, and generates BusClientPolicy from there.)
> 
> To me it should be in BusPolicy, I'll probably code that up, but
> alternate arguments are welcome (or comments on the patch in general,
> I'm sure I screwed it up in dozens of ways).

The first option sounds correct since the mapping is global and not
per-connection based.

I see you've implemented this option in your next patch.  I can test
this stuff out, but it seems selinux.[ch] didn't make it into your
patch.  Can you redo the diff and send it again?


Matt






More information about the dbus mailing list