[apparmor] dbus/pair address rule encoding

Jamie Strandboge jamie at canonical.com
Fri May 10 17:22:48 UTC 2013 

On 05/10/2013 11:42 AM, John Johansen wrote:
> On 05/10/2013 08:24 AM, Jamie Strandboge wrote:
>> On 05/10/2013 09:45 AM, Jamie Strandboge wrote:

...

>> Well, arguably the most consistent would be tweaking Steve's grouping
>> slightly to have a rule like this (my previous "I don't want commas for
>> the subject" comment didn't consider subj()):
>>
> I'll reiterate just in case people missed it buried in my reply to your
> other email, the commas in ( ) are optional. In fact the only reason
> I included support for them was that the original flags=( ) syntax
> used them and I included them for backwards compat. Of course it also
> doesn't hurt that it just works when someone is used to writing out
> a list with commas

Ok. I didn't think commas would be allowed for the subject. Ie, I
thought this was not allowed:

  dbus bus=session, name=..., path=... send,

so I didn't like the mixture of allowed/disallowed commas inside/outside
of peer().

> 
>> dbus bus=... subj=(name=..., path=...) peer=(name=..., path=...) send,
>>
> I could live with this too
> 
>> This is exceptionally clear and consistent with other multi-valued sets,
>> but is verbose ('subj=(name=...' admittedly looks slightly odd with the
>> two '='s in close proximity, but I can live with that).
>>
> yes the two = in proximity are a little weird
> 

But acceptable IMO

>> Still open, but this is my new favorite (let it sink in for a moment and
>> I think you may agree :).
>>
> So I tend to prefer the word being tied to the ( ), but I would be open
> to using a different symbol than =
> 

I agree, the word should be tied to the (), and again, '=' is acceptable
to me and consistent with other multi-valued sets.

I really am starting to like:
dbus [<bus>] [subj=()] [peer=()] [<access>],

cause is consistent within itself too, ie, when specifying 'bus':
  dbus bus=... subj=... peer=... send,

-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130510/8d6b6cee/attachment.pgp>

More information about the AppArmor mailing list