[apparmor] dbus/pair address rule encoding
Christian Boltz
apparmor at cboltz.de
Thu May 9 14:16:21 UTC 2013
Hello,
Am Mittwoch, 8. Mai 2013 schrieb John Johansen:
> On 05/08/2013 05:23 PM, Tyler Hicks wrote:
> > On 2013-05-08 14:43:59, John Johansen wrote:
> > The arrow notation make sense in this example, but I just realized
> > how confusing it is if we need to specify the receive permission
> > instead of send:
> >
> > dbus name=foo.com -> name=bar.com receive,
> >
> > That rule allows foo.com to receive a message from bar.com but the
> > arrow is backwards from what the rule actually does.
> >
> > I know we talked about using 'peer' or '|' instead of '->' and I
> > thought that '->' looked the best, but now I'm thinking that it
> > might be the most confusing of the options that we discussed. :/
>
> I am open to suggestions
>
> <-
> <->
>
> or maybe the different symbols depending on the perm?
What about fixing the syntax instead? ;-)
If I understand you right, the current syntax is
dbus name=receiver.com -> name=sender.com receive,
Independent on the arrow, it looks confusing to me because the receiver
is mentioned first.
Could we just switch it to the way that is also used for send?
I'd propose
dbus name=sender.com -> name=receiver.com receive,
Advantages are:
- we can keep the arrow
- same order for send and receive (s/receive,/send,/ and you have the
rule for the sending program)
BTW: please use "sender.com" and "receiver.com" instead of foo and bar
to make your mails easier understandable ;-)
Regards,
Christian Boltz
--
Was habt Ihr denn? emacs ist doch ein tolles Betriebssystem!
Das einzige was ihm fehlt, ist ein vernünftiger Editor (vim?)
[Jan Trippler in suse-linux]
More information about the AppArmor
mailing list