Add argument checks to policy <allow>/<deny> rules.
Colin Walters
walters at verbum.org
Thu Jun 17 14:04:58 PDT 2010
On Mon, Jun 7, 2010 at 10:49 AM, Pekka Pessi <ppessi at gmail.com> wrote:
>
> I think the policykit was considered, I don't know why it was not
> accepted. Perhaps later.
I wasn't actually suggesting PolicyKit exactly - you can also as I
mentioned do checks easily enough using GetConnectionUnixUid or
whatever inside your service without the full blown generality of
PolicyKit.
> For all I know, we use bus policy because it
> does not require any changes to D-Bus services or clients and it is
> lightweight enough.
What I need from you is more details about exactly how you're using
this patch. Concretely - are you using uid-based checks? Do you have
something custom like the "console" stuff that's wedged into dbus now?
> And the main reason is because it is there.
Yes, but...let's say that libdbus had convenience API wrappers around
filtering messages using GetConnectionUnixUid - would that be
acceptable? Might be something like:
DBusMessageFilter *filter = dbus_message_filter_new ("/path/to/rules.xml");
where rules.xml had:
<allow uid=500/>
Then in your dbus (message) filter function you say if
(!dbus_message_filter_check (filter, connection, message)) return;
and it would take care of returning an error mesage.
More information about the dbus
mailing list