[patch] Add GetConnectionUnixSecurityContext
walters at verbum.org
Sat Jul 16 07:56:37 EST 2005
On Fri, 2005-07-15 at 08:31 -0400, David Zeuthen wrote:
> On Jul 14, 2005, at 1:59 AM, Colin Walters wrote:
> > Hi,
> > This patch adds a GetConnectionUnixSecurityContext method to the bus.
> Looks useful. Is this specifically for SELinux or also useful for
> other Unices? IOW, are security contexts a standardized thing, e.g.
> POSIX or something?
No, not standardized. This method is intended to be specific to
> My point is that maybe it's better to actually call this
> GetConnectionSELinuxSecurityContext() much like we call it
> GetConnectionUnixUser() and GetConnectionUnixProcessId() cause Win32
> is different here (and UnixUser and UnixProcessId is covered by e.g.
Well, I was going to rename it, but J5 just did 0.35...so it would
probably be a bad idea. In any case I don't think the current name is
too terrible. Other Unix systems don't have a concept of a security
context in their mainstream OSes. FreeBSD hackers are working Trusted
BSD which will use the same technology as SELinux, so it should be
> > This will be useful for any application that wants to act as a
> > userspace
> > object manager and is a D-BUS service. Nalin in particular was asking
> > me for this for his "oddjob" program.
> How about a test-case for this a'la check_get_connection_unix_user()
> and friends in bus/dispatch.c?
I'm not sure how to do that since it requires a SELinux-enabled kernel
and I don't think we can depend on that in the testsuite.
The only way I can see to do it is a fake libselinux you could
LD_PRELOAD. We should do that at some point, it's just not trivial.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.freedesktop.org/archives/dbus/attachments/20050715/53ae4b09/attachment.pgp
More information about the dbus