Starting the kdbus discussions

Simon McVittie simon.mcvittie at collabora.co.uk
Fri Jan 3 05:34:42 PST 2014


On 02/01/14 14:40, Daniel J Walsh wrote:
> What we would be interested in is controlling which process can
> assume the service name.  IE NetworkManager_t could assume the
> NetworkManager Service, and be blocked from assuming the
> AccountsDaemon Service name.

If kdbus doesn't know how to do this for uids, then that's a very
major security regression compared with dbus-daemon; so I would hope
that it can do this in-kernel. If it can do that for uids, presumably
it can (be enhanced to) do that for any other security label.

    S


More information about the dbus mailing list