New SE-DBUS patch

Colin Walters walters at redhat.com
Fri Jun 25 12:23:13 PDT 2004


On Fri, 2004-06-25 at 14:37 -0400, Havoc Pennington wrote:
> On Fri, 2004-06-25 at 08:43, Matthew Rickard wrote:
> > 
> > That was my impression too, but Havoc mentioned in his response to the
> > initial patch that this wouldn't always be the case.  Perhaps he can
> > give some more details on this?
> 
> Well, it's true that a transport may not be a single fd. It could e.g.
> be a stream tunneled through X properties identified by an X window, or
> other stuff like that.

Eek.  In that case, barring SE-X, there isn't any way to reliably get a
security context - since the X server is acting as an intermediary,
correct?

> Maybe instead of get_unix_fd() we could have a get_selinux_whatever()
> and corresponding DBusTransport virtualization?

Right.  For transports other than Unix, I think we have to basically
punt and return some sort of default context.

> Did I suggest some way to solve this before?

I don't believe so, unless there was discussion outside Matthew's
original post from February.
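The per-transport lookup discussed in this thread, as an added example (not code from the patch or from D-Bus): a Unix socket transport asks the kernel for the peer's label, and any transport without such a hook falls back to a default context. `Transport`, `get_peer_context`, `transport_get_context` and the default label are hypothetical names; the Unix hook assumes Linux `SO_PEERSEC`.

```c
/* Added example; every name here is hypothetical, not the D-Bus API. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define DEFAULT_CONTEXT "system_u:object_r:unlabeled_t" /* assumed placeholder */

typedef struct Transport Transport;
struct Transport {
    /* Per-transport hook. NULL: the transport has no trustworthy peer label. */
    int (*get_peer_context)(Transport *t, char *out, size_t outlen);
    int fd; /* used only by the Unix socket transport */
};

/* Unix transport: the kernel, not the peer, supplies the label (Linux SO_PEERSEC). */
static int unix_get_peer_context(Transport *t, char *out, size_t outlen) {
#ifdef SO_PEERSEC
    socklen_t len = (socklen_t)(outlen - 1);
    if (outlen > 1 && getsockopt(t->fd, SOL_SOCKET, SO_PEERSEC, out, &len) == 0 && len > 0) {
        out[len] = '\0';
        return 1;
    }
#else
    (void)t; (void)out; (void)outlen;
#endif
    return 0; /* no LSM loaded, bad fd, or label too long for the buffer */
}

/* Returns 1 if out holds a kernel-reported label, 0 if it holds the default. */
int transport_get_context(Transport *t, char *out, size_t outlen) {
    if (t->get_peer_context && t->get_peer_context(t, out, outlen))
        return 1;
    snprintf(out, outlen, "%s", DEFAULT_CONTEXT);
    return 0;
}

int main(void) {
    int sv[2];
    char ctx[256];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    Transport unix_t = { unix_get_peer_context, sv[0] };
    Transport tunneled_t = { NULL, -1 }; /* e.g. a stream relayed by another process */
    int from_kernel = transport_get_context(&unix_t, ctx, sizeof ctx);
    printf("unix: %s (%s)\n", ctx, from_kernel ? "kernel" : "default");
    transport_get_context(&tunneled_t, ctx, sizeof ctx);
    printf("tunneled: %s (default)\n", ctx);
    close(sv[0]); close(sv[1]);
    return 0;
}
```

The return value lets a policy check tell a kernel-reported label apart from the fallback, so a defaulted peer can be treated as unlabeled and never mistaken for an authenticated context.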