[apparmor] Follow-up on DBus syntax
Tyler Hicks
tyhicks at canonical.com
Tue Jul 9 05:05:38 UTC 2013
After gathering everyone's opinions[1] on the DBus syntax, John's wider
discussion[2] of IPC syntax, and various other conversations, I think
we've come to a conclusion on what the DBus syntax should look like.
I'll begin adjusting the existing parser patches (along with test cases,
documentation, etc.) this week and will get all of the patches posted to
the list ASAP.
Here's some examples of what the rules will look like:
dbus send path=/org/freedesktop/DBus interface=org.freedesktop.org member=Hello,
dbus bind bus=session name=com.foo.service,
dbus receive bus=session peer=(label=/usr/bin/client),
The 'acquire' keyword will go away in favor of 'bind'. Bind rules will
have the following syntax:
dbus [bind] [BUS] [NAME],
Read/Write rules will have the following syntax:
dbus [RW_ACCESS] [BUS] [PATH] [INTERFACE] [MEMBER] [PEER],
[PEER] can consist of a connection name or a peer label, enclosed inside
of 'peer=()'.
[RW_ACCESS] can be r, read, or receive when receiving DBus messages. It
can be w, write, or send when sending. It can also be a combination,
enclosed in parenthesis and separated by a comma and/or a space.
All of this will be more formally documented in the apparmor.d(5)
manpage. Let me know if there are any questions before I can finish and
post the patch set.
Tyler
[1] https://lists.ubuntu.com/archives/apparmor/2013-June/003816.html
[2] https://lists.ubuntu.com/archives/apparmor/2013-June/003926.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130708/8b6b731a/attachment.pgp>
More information about the AppArmor
mailing list