[apparmor] dbus/pair address rule encoding
John Johansen
john.johansen at canonical.com
Thu May 9 21:41:52 UTC 2013
On 05/09/2013 02:26 PM, Jamie Strandboge wrote:
> On 05/09/2013 04:12 PM, Jamie Strandboge wrote:
>
>> Since <access> *always* applies to <subject>, maybe it makes sense to
>> have it be next to it. Ie:
>>
>> dbus [<subject>] <access> [<peer>],
>>
>> such that:
>>
>> profile subject {
>> dbus name=well.known.address acquire,
>> dbus name=well.known.address receive,
>> dbus send -> name=a.peer.address,
>> dbus receive -> name=a.peer.address,
>>
>> # get as specific as you like:
>> dbus name=... interface=... (send, receive) -> name=... path=...,
>>
> FYI, I'm not totally happy with '->' as the delimiter here since it
> still implies direction. Some ideas:
>
> dbus send -> name=a.peer.address, # nice with send
> dbus receive -> name=a.peer.address, # weird with receive
>
> dbus send <> name=a.peer.address, # looks weird
>
> dbus send -- name=a.peer.address, # clear, looks 'ok'
> dbus receive -- name=a.peer.address, # clear, looks 'ok'
>
> dbus send @ name=a.peer.address, # maybe confusing with vars
> dbus receive @ name=a.peer.address, # maybe confusing with vars
>
> dbus send {name=a.peer.address}, # confusing with vars and aare
> dbus receive [name=a.peer.address], # confusing with aara
>
> I think I like '--' and '@', but not sure. I'm open to other ideas.
>
>
>
I prefer the '--'
More information about the AppArmor
mailing list