[Merge] lp:~jamesodhunt/upstart/upstart-dbus-bridge into lp:upstart
Steve Langasek
steve.langasek at canonical.com
Wed Jun 26 15:48:37 UTC 2013
On Tue, Jun 25, 2013 at 08:22:28PM -0000, Ted Gould wrote:
> The reason that I think the system event bridge needs to be in the user
> session is so that the bus is connected to as the user, so the usual
> protections there (AppArmor for instance) will be able to monitor that
> connection. I don't think that using the system dbus event bridge is a
> good idea, because it could result in these mechanisms being subverted.
> That doesn't mean I think it couldn't be fixed, but I don't think it
> should block the feature landing because the workaround of having two
> event bridges per session will work and isn't that expensive (the event
> bridge is small).
Note that, *if* we have a dbus bridge running at the system level, and there
are system jobs configured to want certain dbus events, these dbus events
will by default leak across the other bridge into the user session as
:sys:dbus events. So if visibility of these events is truly a concern, we
probably need to discuss with the security team how to make this happen.
--
https://code.launchpad.net/~jamesodhunt/upstart/upstart-dbus-bridge/+merge/161772
Your team Upstart Reviewers is subscribed to branch lp:upstart.