[systemd-devel] [PATCH] policy: clean up headers and code documentation

Djalal Harouni tixxdz at opendz.org
Sat Jun 7 10:19:48 PDT 2014


On Sat, Jun 07, 2014 at 06:58:50PM +0200, Daniel Mack wrote:
> Hi Djalal,
> 
> On 06/07/2014 06:47 PM, Djalal Harouni wrote:
> > I'm sending this to have some updates on the policy!
> > 
> > I did notice some issues and others still *to confirm*, so first I'm
> > writing some policy tests to make sure we don't break. I'll clean what
> > I have and get back to you.
> 
> Sure, thanks for having a look. Note that the endpoint policy is
> currently not well tested, as we lack support for custom endpoints in
> userland. This will change soon, and it might be that kernel-side corner
> cases went unnoticed.
Yes I noticed the custom endpoint part, I did write a test which didn't
work, Ok!

So first, I'll try to help and test the bus policy.

> > For the moment can you please confirm:
> > 
> > 1) I assume the policy.c on the master branch is the correct one to
> > work on?
> 
> Yes.
> 
> > 2) So buses and custom endpoints can have their own policy db.
> > From reading the sources, I assume:
> > 
> > * The two *share* the same internal format!
> 
> Not only that, they also kind of share the same external interface. And
> internally, they're exactly the same thing, yes. They are talked to
> through different ioctls though, but the layout of items is the same,
> and the code is written so that we can share as much as possible for
> both APIs.
Ok.

> > * The two are unrelated, and the endpoint policy takes precedence over
> >   the bus policy when doing the talk check!
> 
> Well, there is no such thing as precedence really, they are simply checked
> both. For example, when sending a message, both the endpoint and the bus
> policy have to give TALK permission for the connections involved,
> otherwise the message is rejected.
I misread the code, indeed we check both of them.

> But as I said, some of that code has not been in production yet, so
> there might be minor updates in that area.
Ok, many thanks Daniel!

I'll clean what I have and get back to you.

> Thanks,
> Daniel
> 

-- 
Djalal Harouni
http://opendz.org
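
Added example, not part of the original message and not kdbus code: a simplified C model of the check described in the thread, where both the bus policy and the endpoint policy must grant TALK and neither takes precedence. The struct layout, the ordering of access levels, and the names and uids are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model assumption: levels are ordered, a higher one implies the lower ones. */
enum access { ACC_NONE = 0, ACC_SEE, ACC_TALK, ACC_OWN };

/* Grants `level` on well-known `name` to `uid`, or to every uid if `world`. */
struct policy_entry { const char *name; unsigned uid; bool world; enum access level; };
struct policy_db { const struct policy_entry *entries; size_t n; };

/* Highest level the database grants; no matching entry means default deny. */
static enum access db_lookup(const struct policy_db *db, const char *name, unsigned uid)
{
    enum access best = ACC_NONE;
    for (size_t i = 0; i < db->n; i++) {
        const struct policy_entry *e = &db->entries[i];
        if (strcmp(e->name, name) == 0 && (e->world || e->uid == uid) && e->level > best)
            best = e->level;
    }
    return best;
}

/* No precedence: the two results are ANDed, so neither db can widen the other. */
static bool may_talk(const struct policy_db *bus, const struct policy_db *ep,
                     const char *name, unsigned sender_uid)
{
    return db_lookup(bus, name, sender_uid) >= ACC_TALK &&
           db_lookup(ep, name, sender_uid) >= ACC_TALK;
}

/* Constructed sample policies (names and uids are made up). */
static const struct policy_entry bus_entries[] = {
    { "org.example.svc",   0,    true,  ACC_TALK },
    { "org.example.admin", 1000, false, ACC_OWN  },
};
static const struct policy_entry ep_entries[] = {
    { "org.example.svc",   1000, false, ACC_TALK },
    { "org.example.admin", 0,    true,  ACC_TALK },
};
static const struct policy_db bus_db = { bus_entries, 2 };
static const struct policy_db ep_db  = { ep_entries, 2 };

int main(void)
{
    printf("uid 1000 -> svc:   %d\n", may_talk(&bus_db, &ep_db, "org.example.svc", 1000));
    printf("uid 1001 -> svc:   %d\n", may_talk(&bus_db, &ep_db, "org.example.svc", 1001));
    printf("uid 1001 -> admin: %d\n", may_talk(&bus_db, &ep_db, "org.example.admin", 1001));
    return 0;
}
```

In this model uid 1001 is refused on org.example.svc because the endpoint policy is narrower than the bus policy, and refused on org.example.admin because a world-TALK endpoint entry cannot widen the bus policy.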

