[apparmor] dbus/pair address rule encoding

Tyler Hicks tyhicks at canonical.com
Thu May 9 20:48:23 UTC 2013 

On 2013-05-09 13:37:00, John Johansen wrote:
> On 05/09/2013 01:32 PM, Tyler Hicks wrote:
> > On 2013-05-09 15:20:56, Jamie Strandboge wrote:
> >> On 05/09/2013 02:41 PM, John Johansen wrote:
> >>>
> >>> Lets look at it as local (subject) address and remote/peer address
> >>>
> >>> profile subject {
> >>>
> >>>   dbus name=well.known.address acquire,
> >>>
> >>>   dbus name=well.known.address receive,  #subject can receive messages on this well.known.address
> >>>
> >>>   dbus -> name=a.peer.address send,      #subject can send to a peer/remote process using the well known address a.peer.address
> >>>
> >>>   dbus -> name=a.peer.address receive,   #subject can receive a message from a peer/remote process that sent from its a.peer.address
> >>>                                          # this case is unusual
> >>>
> >>> }
> >>>
> >>> note that send atomically gives permission to receive a reply, just not to receive arbitrary new messages
> >>>
> >>> the unusually case is the one that tyler pointed out as problematic, and I'm not sure it really is but I would like to get this right
> >>>
> >>
> >> This explanation makes things a lot more clear for me. Part of my
> >> problem was that I was trying to apply natural language to the rule, but
> >> your explanation is clear.
> >>
> >> That said, and speaking for myself only, I think I got tripped up
> >> because '->' suggests a direction. In most cases this works out ok, but
> >> in the unusual case:
> >> dbus -> name=a.peer.address receive,
> > 
> > Now that I think about it more, this rule should never be written. It
> > says, "my peer (a.peer.address) can receive messages from anyone".
> > 
> nope it says I can receive a message from my peer at a.peer.address

That's what it says to you right now. But I'm arguing that we're
thinking about it wrong. I just sent another email with clear examples.

Tyler

> 
> rules are always in the context of the Subject, the permission is the
> subjects permission.
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130509/93ef9da3/attachment.pgp>

More information about the AppArmor mailing list