[systemd-devel] [PATCH] policy: clean up headers and code documentation
Djalal Harouni
tixxdz at opendz.org
Sat Jun 7 10:19:48 PDT 2014
On Sat, Jun 07, 2014 at 06:58:50PM +0200, Daniel Mack wrote:
> Hi Djalal,
>
> On 06/07/2014 06:47 PM, Djalal Harouni wrote:
> > I'm sending this to have some updates on the policy!
> >
> > I did notice some issues and others still *to confirm*, so first I'm
> > writing some policy tests to make sure we don't break. I'll clean what
> > I have and get back to you.
>
> Sure, thanks for having a look. Note that the endpoint policy is
> currently not well tested, as we lack support for custom endpoints in
> userland. This will change soon, and it might be that kernel-side corner
> cases went unnoticed.
Yes I noticed the custom endpoint part, I did write a test which didn't
work, Ok!
So first, I'll try to help and test the bus policy.
> > For the moment can you please confirm:
> >
> > 1) I assume the policy.c on the master branch is the correct one to
> > work on?
>
> Yes.
>
> > 2) So buses and custom endpoints can have their own policy db.
> > From reading the sources, I assume:
> >
> > * The two *share* the same internal format!
>
> Not only that, they also kind of share the same external interface. And
> internally, they're exactly the same thing, yes. They are talked to
> through different ioctls though, but the layout of items is the same,
> and the code is written so that we can share as much as possible for
> both APIs.
Ok.
> > * The two are unrelated, and the endpoint policy takes precedence over
> > the bus policy when doing the talk check!
>
> Well, there's no such thing as precedence really, they are simply checked
> both. For example, when sending a message, both the endpoint and the bus
> policy have to give TALK permission for the connections involved,
> otherwise the message is rejected.
I misread the code, indeed we check both of them.
> But as I said, some of that code has not been in production yet, so
> there might be minor updates in that area.
Ok, many thanks Daniel!
I'll clean what I have and get back to you.
> Thanks,
> Daniel
>
--
Djalal Harouni
http://opendz.org