[patch] Add GetConnectionUnixSecurityContext

Colin Walters walters at verbum.org
Sat Jul 16 07:56:37 EST 2005


On Fri, 2005-07-15 at 08:31 -0400, David Zeuthen wrote:
> On Jul 14, 2005, at 1:59 AM, Colin Walters wrote:
> 
> > Hi,
> >
> > This patch adds a GetConnectionUnixSecurityContext method to the bus.
> 
> Looks useful. Is this specifically for SELinux or also useful for  
> other Unices? IOW, are security contexts a standardized thing, e.g.  
> POSIX or something?

No, not standardized.  This method is intended to be specific to
SELinux.

> My point is that maybe it's better to actually call this  
> GetConnectionSELinuxSecurityContext() much like we call it  
> GetConnectionUnixUser() and GetConnectionUnixProcessId() cause Win32  
> is different here (and UnixUser and UnixProcessId is covered by e.g.  
> POSIX).

Well, I was going to rename it, but J5 just did 0.35...so it would
probably be a bad idea.  In any case I don't think the current name is
too terrible.  Other Unix systems don't have a concept of a security
context in their mainstream OSes.  FreeBSD hackers are working on Trusted
BSD which will use the same technology as SELinux, so it should be
compatible.

> > This will be useful for any application that wants to act as a  
> > userspace
> > object manager and is a D-BUS service.  Nalin in particular was asking
> > me for this for his "oddjob" program.
> 
> How about a test-case for this a'la check_get_connection_unix_user()  
> and friends in bus/dispatch.c?

I'm not sure how to do that since it requires a SELinux-enabled kernel
and I don't think we can depend on that in the testsuite.

The only way I can see to do it is a fake libselinux you could
LD_PRELOAD.  We should do that at some point, it's just not trivial.
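
A sketch of the LD_PRELOAD shim idea from the message above, as an added example that is not part of the original post and is not D-BUS or libselinux code. It assumes the bus obtains the peer's context through libselinux's `getpeercon()`; the environment variable name, the helper `fake_peercon_from()` and the errno choice are hypothetical.

```c
/* fake_selinux.c: stand-in for the libselinux calls a test run needs.
 * Build: gcc -shared -fPIC -o libfakeselinux.so fake_selinux.c
 * Use:   FAKE_SELINUX_PEERCON=<context> LD_PRELOAD=./libfakeselinux.so <test>
 */
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical variable name chosen for this sketch. */
#define FAKE_PEERCON_ENV "FAKE_SELINUX_PEERCON"

/* Core logic, separated so it can be exercised without touching the
 * environment. Copies `value` into a heap string the caller releases
 * with freecon(), as with the real library. */
int fake_peercon_from(const char *value, char **context)
{
    size_t len;

    if (context == NULL) { errno = EINVAL; return -1; }
    *context = NULL;
    if (value == NULL || *value == '\0') {
        /* No context configured: behave like a kernel without peer
         * labels. The errno value is this sketch's choice. */
        errno = ENOPROTOOPT;
        return -1;
    }
    len = strlen(value) + 1;
    *context = malloc(len);
    if (*context == NULL) { errno = ENOMEM; return -1; }
    memcpy(*context, value, len);
    return 0;
}

/* Same prototypes as libselinux, so the preloaded copies win at link time. */
int is_selinux_enabled(void)
{
    const char *c = getenv(FAKE_PEERCON_ENV);
    return c != NULL && *c != '\0';
}

int getpeercon(int fd, char **context)
{
    (void)fd; /* every peer gets the same configured context */
    if (context == NULL) { errno = EINVAL; return -1; }
    return fake_peercon_from(getenv(FAKE_PEERCON_ENV), context);
}

void freecon(char *con) { free(con); }
```

Because every connection reports the same context, this only covers a check that the method returns what the library handed back; distinguishing peers would need a per-socket mapping.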

