An issue with group based <policy> in dbus daemon
Colin Walters
walters at verbum.org
Mon Aug 4 07:05:23 PDT 2008
On Mon, Aug 4, 2008 at 4:06 AM, Markku Savela <msa at moth.iki.fi> wrote:
>
> I needed the check against the current set, because the idea was to
> dynamically add or remove some groups to/from the process context.
>
Unix groups are nearly useless; the static nature of them is just one
problem.
You'd have to describe more of what the problem you're trying to solve is
for me to advise; but if your system has a targeted profile, SELinux gives
you very strong controls over the entire system security. The policy
language allows you to define which programs can communicate over the system
and session bus.
Your services can implement access control internally; PolicyKit is a
library for doing this.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freedesktop.org/archives/dbus/attachments/20080804/749ff4d1/attachment.html
More information about the dbus
mailing list