Starting the kdbus discussions

Ted Gould ted at gould.cx
Fri Jan 3 08:34:28 PST 2014


On Fri, 2014-01-03 at 13:51 +0000, Simon McVittie wrote:

> It would probably make sense to have some sort of "second-class citizen"
> scheme in which "trusted" apps can talk to nearly everything,
> "untrusted" apps can only talk to what they really need, and "trusted"
> apps are gradually enhanced so they can be run as "untrusted". It would
> be reasonable to include "trusted" apps in Ubuntu, but refuse to host
> apps on behalf of third parties unless they are "untrusted".


This is what we're doing.  The terms we're using are "confined" apps.
Those apps then have an AppArmor profile where they're not allowed to do
a whole set of things, some of those things related to which DBus
services they're allowed to talk to.  For a detailed overview:

https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement

Some of the things on that page are future tense that should be past
tense today, but generally that describes what we're doing.

As far as DBus goes this means allowing messages to be rejected based on
the application's AppArmor profile, both on the system bus for system
services (i.e. asking network manager if we're connected) and session
bus (i.e. to export menus).  Generally applications that are confined
have been targeted for and tested in this environment, so they're
probably not asking for services that are not allowed, but if they do
they get rejected.

Ted
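
Added example (not part of the message above, and not Ubuntu's shipped policy): a sketch of an AppArmor profile for a confined app that permits only the two kinds of D-Bus traffic the message mentions, so that anything else is rejected. The profile name, binary path and the choice of menu interface are assumptions made for illustration.

```apparmor
# Constructed example; profile name and binary path are hypothetical.
profile example-confined-app /opt/example/bin/app {
  #include <abstractions/base>

  # Connect to each bus and talk to the bus daemon itself, nothing more.
  #include <abstractions/dbus-strict>
  #include <abstractions/dbus-session-strict>

  # System bus: read NetworkManager properties (e.g. connectivity state).
  dbus (send)
       bus=system
       path=/org/freedesktop/NetworkManager
       interface=org.freedesktop.DBus.Properties
       member=Get
       peer=(name=org.freedesktop.NetworkManager),

  # Session bus: let an unconfined peer (the shell) call into the menu
  # this app exports. The interface name is an assumption about how the
  # menu is exported.
  dbus (receive)
       bus=session
       interface=com.canonical.dbusmenu
       peer=(label=unconfined),

  # There are no other dbus rules. AppArmor denies by default, so any
  # other send or receive by this app is rejected on either bus.
}
```

Relying on the default deny rather than writing explicit deny rules keeps rejected messages visible in the audit log, which is useful when checking what a confined app tried to reach.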
