Starting the kdbus discussions
Simon McVittie
simon.mcvittie at collabora.co.uk
Fri Jan 3 05:34:42 PST 2014
On 02/01/14 14:40, Daniel J Walsh wrote:
> What we would be interested in is controlling which process can
> assume the service name. IE NetworkManager_t could assume the
> NetworkManager Service, and be blocked from assuming the
> AccountsDaemon Service name.
If kdbus doesn't know how to do this for uids, then that's a very
major security regression compared with dbus-daemon; so I would hope
that it can do this in-kernel. If it can do that for uids, presumably
it can (be enhanced to) do that for any other security label.
S
More information about the dbus
mailing list