[patch] Improved D-BUS SELinux mediation

Colin Walters walters at verbum.org
Wed Nov 10 21:39:31 PST 2004


Hi,

The attached patch improves on the previous patch sent to the D-BUS list
for also having D-BUS check service labels for the send_msg permission.
One problem I ran into is that send_msg also mediates reply messages; so
in order to have a domain just reply to a sent message, it needs the
general send_msg back to the sender domain, as well as the service
domain.   The solution is to add a separate "reply" access vector.  
D-BUS will check that permission if a message is in reply to a known
sent message, otherwise it will use "send_msg".

While I was changing the access vectors, I thought I would go ahead and
add an "activate_svc" vector too (and add the requisite check in the D-
BUS code).  The long term plan I think is to use D-BUS for system
service activation too, and it seems undesirable for e.g. CUPS to have
the permission to activate your mail server (which could have other side
effects like binding to ports, etc).

The patch to D-BUS is first, and the patch to the Flask access_vectors
follows.

I'll be working on a patch to update the policy itself to handle these
new changes soon, along with labeling all the services we currently use.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-selinux-more-mediation.patch
Type: text/x-patch
Size: 37717 bytes
Desc: not available
Url : http://freedesktop.org/pipermail/dbus/attachments/20041111/9e39481e/dbus-selinux-more-mediation-0001.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: selinux-dbus-access-vectors.patch
Type: text/x-patch
Size: 246 bytes
Desc: not available
Url : http://freedesktop.org/pipermail/dbus/attachments/20041111/9e39481e/selinux-dbus-access-vectors-0001.bin


More information about the dbus mailing list