New SE-DBUS patch
walters at redhat.com
Fri Jun 25 12:23:13 PDT 2004

On Fri, 2004-06-25 at 14:37 -0400, Havoc Pennington wrote:
> On Fri, 2004-06-25 at 08:43, Matthew Rickard wrote:
> > That was my impression too, but Havoc mentioned in his response to the
> > initial patch that this wouldn't always be the case. Perhaps he can
> > give some more details on this?

> Well, it's true that a transport may not be a single fd. It could e.g.
> be a stream tunneled through X properties identified by an X window, or
> other stuff like that.

Eek. In that case, barring SE-X, there isn't any way to reliably get a
security context - since the X server is acting as an intermediary,

> Maybe instead of get_unix_fd() we could have a get_selinux_whatever()
> and corresponding DBusTransport virtualization?

Right. For transports other than Unix, I think we have to basically
punt and return some sort of default context.

> Did I suggest some way to solve this before?

I don't believe so, unless there was discussion outside Matthew's
original post from February.
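
The per-transport lookup discussed in this thread, as an added example (not code from the SE-DBUS patch, from D-Bus, or from any participant): a Unix-socket transport asks the kernel for the peer's label with `SO_PEERSEC`, and any other transport returns a default context. The `Transport` struct, the function names and the `DEFAULT_CONTEXT` value are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed placeholder; a real bus would take its fallback label from policy. */
#define DEFAULT_CONTEXT "system_u:object_r:unlabeled_t"

/* Hypothetical transport with a virtual "peer context" method (not the D-Bus API). */
typedef struct Transport Transport;
struct Transport {
    int fd; /* -1 when the transport is not backed by a single descriptor */
    int (*get_peer_context)(const Transport *t, char *buf, size_t len);
};

/* Non-Unix transports: no trustworthy peer label, so hand back the default.
 * Returns 0 to tell the caller the label was NOT derived from the peer. */
static int default_context(const Transport *t, char *buf, size_t len) {
    (void)t;
    snprintf(buf, len, "%s", DEFAULT_CONTEXT);
    return 0;
}

/* Unix socket: the kernel vouches for the peer's label. Returns 1 on success. */
static int unix_context(const Transport *t, char *buf, size_t len) {
#ifdef SO_PEERSEC
    socklen_t n = (socklen_t)(len - 1);
    if (len > 1 && getsockopt(t->fd, SOL_SOCKET, SO_PEERSEC, buf, &n) == 0 && n > 0) {
        buf[n] = '\0'; /* terminate whether or not the kernel counted a NUL */
        return 1;
    }
#endif
    return default_context(t, buf, len); /* no labelling LSM active, or error */
}

int main(void) {
    int sv[2];
    char ctx[256];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    Transport unix_t = { sv[0], unix_context };
    Transport tunneled_t = { -1, default_context }; /* e.g. tunneled via X */
    int from_peer = unix_t.get_peer_context(&unix_t, ctx, sizeof ctx);
    printf("unix:     %s (peer-derived=%d)\n", ctx, from_peer);
    from_peer = tunneled_t.get_peer_context(&tunneled_t, ctx, sizeof ctx);
    printf("tunneled: %s (peer-derived=%d)\n", ctx, from_peer);
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```

The return value lets policy code tell a kernel-attested label from the fallback, so a default context is never treated as if the peer had been identified.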