Starting the kdbus discussions

Alberto Mardegan alberto.mardegan at canonical.com
Thu Jan 2 11:30:04 PST 2014


On 01/02/2014 06:23 PM, Marc Deslauriers wrote:
> I'd rather use kdbus, but not at the expense of being able to enforce a central
> fine-grained security policy like we are doing now on Ubuntu Touch, and will be
> doing on the desktop in the near future. Sure, we could stick with dbus-daemon
> for now, but ideally having dbus in the kernel would be beneficial from a
> performance perspective (probably...would have to benchmark it...). Having a LSM
> be able to perform fine-grained security decisions in kdbus would be ideal.

Does it really need to be centralized? Can't we patch GDBus and libdbus1
to check the incoming messages against an apparmor profile?
Given how GVariant serialization works, this should be feasible with a
minimal impact on performance. And it should be possible to share the
implementation of this check, and just have a 2-line patch in GDBus and
libdbus1:

if (!apparmor_check_kdbus_message(fd, &message_gvariant))
    return;

(assuming we can get the peer's apparmor profile via the kdbus fd)

Ciao,
  Alberto
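One way the receive-side check proposed above could look, as an added C example that is not from the post or from GDBus/libdbus1: a default-deny policy match on the peer's AppArmor label plus the message's interface and member. It assumes the label has already been read from the kdbus fd (libapparmor's aa_getpeercon() does this for AF_UNIX sockets; whether the same works for a kdbus fd is the open question in the post) and that interface and member have been decoded from the GVariant header, so all three arrive as plain strings; the rule table and labels are constructed.

```c
/* Added example, not code from the post: a receive-side policy check of the
 * kind proposed above. Hypothetical signature; the real AppArmor query would
 * go through libapparmor, which this example does not call. */
#include <stdbool.h>
#include <string.h>

struct rule {
    const char *peer_label;  /* exact AppArmor label of the sender, or "*" */
    const char *interface;   /* D-Bus interface name, or "*" */
    const char *member;      /* method or signal name, or "*" */
};

static bool field_matches(const char *pattern, const char *value)
{
    return strcmp(pattern, "*") == 0 || strcmp(pattern, value) == 0;
}

/* Default-deny: the message is handed to the application only if some rule
 * allows this (peer label, interface, member) combination. */
bool apparmor_check_kdbus_message(const struct rule *rules, size_t nrules,
                                  const char *peer_label,
                                  const char *interface, const char *member)
{
    for (size_t i = 0; i < nrules; i++) {
        if (field_matches(rules[i].peer_label, peer_label) &&
            field_matches(rules[i].interface, interface) &&
            field_matches(rules[i].member, member))
            return true;
    }
    return false;
}

/* Constructed policy for one confined app: accept everything from unconfined
 * peers (the session bus infrastructure), but from any other label accept
 * only Notify calls on the Notifications interface. */
static const struct rule demo_policy[] = {
    { "unconfined", "*", "*" },
    { "*", "org.freedesktop.Notifications", "Notify" },
};

bool demo_allowed(const char *peer_label, const char *interface, const char *member)
{
    return apparmor_check_kdbus_message(demo_policy,
                                        sizeof demo_policy / sizeof demo_policy[0],
                                        peer_label, interface, member);
}
```

A library-side check like this only protects a process that actually runs it; a peer's own outgoing traffic is still governed by whatever enforces policy on the other end, which is the central-versus-distributed question the thread is about.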
