[apparmor] dbus/pair address rule encoding
Jamie Strandboge
jamie at canonical.com
Thu May 9 21:26:48 UTC 2013
On 05/09/2013 04:12 PM, Jamie Strandboge wrote:
> Since <access> *always* applies to <subject>, maybe it makes sense to
> have it be next to it. Ie:
>
> dbus [<subject>] <access> [<peer>],
>
> such that:
>
> profile subject {
> dbus name=well.known.address acquire,
> dbus name=well.known.address receive,
> dbus send -> name=a.peer.address,
> dbus receive -> name=a.peer.address,
>
> # get as specific as you like:
> dbus name=... interface=... (send, receive) -> name=... path=...,
>
FYI, I'm not totally happy with '->' as the delimiter here since it
still implies direction. Some ideas:
dbus send -> name=a.peer.address, # nice with send
dbus receive -> name=a.peer.address, # weird with receive
dbus send <> name=a.peer.address, # looks weird
dbus send -- name=a.peer.address, # clear, looks 'ok'
dbus receive -- name=a.peer.address, # clear, looks 'ok'
dbus send @ name=a.peer.address, # maybe confusing with vars
dbus receive @ name=a.peer.address, # maybe confusing with vars
dbus send {name=a.peer.address}, # confusing with vars and aare
dbus receive [name=a.peer.address], # confusing with aara
I think I like '--' and '@', but not sure. I'm open to other ideas.
--
Jamie Strandboge http://www.ubuntu.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130509/86dfd9d0/attachment.pgp>
More information about the AppArmor
mailing list