[RFE] Support signaling only connections owned by specific uid

Pavel Březina pbrezina at redhat.com
Thu Apr 8 11:57:23 UTC 2021


On 4/8/21 11:22 AM, David Rheinsberg wrote:
> Hi
> 
> On Thu, 8 Apr 2021 at 11:12, Bogdan Lotko <bogdan at lotko.at> wrote:
>> I don't know the details, but is it not much more simple to make a
>> broadcast and process the message only in applications that belong to
>> specified user?
> 
> To extend on that, a simple solution is to only broadcast public
> information and require callers to request more data via a
> method-call. This method-call can then be guarded by uid verification,
> etc. The D-Bus `PropertiesChanged` signal allows for a simple solution
> by utilizing the `invalidated-properties` feature, rather than
> including payload directly in the signal.

This is not possible. The signal itself is private information, so it 
needs to be delivered only to the user processes.

> On a different note, you can always send directed-signals as unicasts
> to all interested/authorized parties. These will not be proper
> multicasts, though, thus subject to re-ordering.

Yes, as I wrote in the description, there are solutions to work around 
the lack of this functionality. However, it all requires lots of additional 
work to manage subscribed parties and it also requires sending a single 
message to each subscriber, which may become a bottleneck if sssd-kcm 
notifications are overused.

Therefore we want to pursue this RFE in dbus if possible. Notifications 
are signals, so the proper implementation should be based on signals. We 
just need to limit the broadcast a little bit.


