New SE-DBUS patch
Colin Walters
walters at redhat.com
Thu Jun 24 14:11:51 PDT 2004
On Thu, 2004-06-24 at 10:43 -0400, Matthew Rickard wrote:
> The patch does still need some work. One remaining issue is that
> dbus_connection_get_unix_fd() needs to be able to handle the case of
> multiple file descriptors. Any suggestions on the best way to do this?
I'm a bit confused as to how this case can arise. From my reading of
the code, DBusConnection only has one DBusTransport, and a DBusTransport
only has one fd. Am I missing something?
Even if it did have multiple fds, could it ever be the case that they
refer to different processes (i.e. they would have different security
contexts)?
If this could happen, it seems to me we should return a list of
contexts, and the avc would check each one, and if any of them would be
denied, then deny the operation. The alternative I guess would be
including the source context in DBusMessage?
> Also, the #ifdefs should be cleaned up,
Yeah - it would be nice if we could use an approach more like Linux,
where the SELinux types and calls are hidden behind a generic LSM
interface. If we had a generic security abstraction layer in D-BUS,
then the need for #ifdef would be greatly minimized. That's probably a
fair bit more work though.
Two other random comments:
- We probably need to wrap openlog/syslog in dbus-sysdeps.c?
- It looks to me like table_free_service_sid is unnecessary, since
dbus_free already handles NULL
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://freedesktop.org/pipermail/dbus/attachments/20040624/e5f57084/attachment.pgp
More information about the dbus
mailing list