From: shazalive@gmail.com (Shaz)
Date: Wed, 12 May 2010 18:15:55 +0500
Subject: [refpolicy] Dbus rules in LPM for a Dbus based service like Network Manager
In-Reply-To: <1273668133.3738.14.camel@moss-pluto.epoch.ncsc.mil>
References: <1273668133.3738.14.camel@moss-pluto.epoch.ncsc.mil>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

> It doesn't look like refpolicy presently defines any associate elements
> in the default dbus_contexts configuration files. So that would mean
> that acquire_svc checks are always against the bus daemon context, as
> per man dbus-daemon. The intent was to allow control over what
> processes can bind to specific names in dbus, just as we control what
> processes can bind to specific TCP/UDP ports in the kernel. I'm not
> sure why people haven't configured it for well-known dbus services and
> used that to prevent arbitrary processes from binding those service
> names.
>
> The send_msg checks on the other hand are between the sender and
> recipient contexts and don't rely on dbus_contexts configuration.
>

Thank you Stephen for a nice starting pointer. Before asking any further
questions regarding this I will wait for some more replies from others to
make the thread useful.

--
Shaz
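
The acquire_svc lookup described in the quoted text, as an added example that is not part of the original message or of refpolicy: it reads `<associate>` elements from dbus_contexts content and reports which well-known names would still be checked against the bus daemon context. The context strings, the bus daemon label and the name `org.example.Service` are constructed sample values, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed dbus_contexts content with one <associate> element.
# The context string is a sample value, not taken from refpolicy.
DBUS_CONTEXTS = """\
<busconfig>
  <selinux>
    <associate own="org.freedesktop.NetworkManager"
               context="system_u:object_r:NetworkManager_t:s0"/>
  </selinux>
</busconfig>
"""

# Assumed label of the running bus daemon (constructed sample value).
BUS_CONTEXT = "system_u:system_r:system_dbusd_t:s0"


def load_associations(xml_text):
    """Return {well-known name: context} from <selinux><associate .../>."""
    root = ET.fromstring(xml_text)
    table = {}
    for node in root.findall("./selinux/associate"):
        own, context = node.get("own"), node.get("context")
        if not own or not context:
            raise ValueError("associate needs both 'own' and 'context'")
        table[own] = context
    return table


def acquire_svc_target(name, table, bus_context=BUS_CONTEXT):
    """Target context of the dbus acquire_svc check for a requested name."""
    # Without an association the check is made against the bus daemon context.
    return table.get(name, bus_context)


def unprotected_names(names, table):
    """Names whose ownership is only checked against the bus daemon context."""
    return sorted(n for n in names if n not in table)


if __name__ == "__main__":
    table = load_associations(DBUS_CONTEXTS)
    wanted = ["org.freedesktop.NetworkManager", "org.example.Service"]
    for n in wanted:
        print(n, "->", acquire_svc_target(n, table))
    print("no associate element:", unprotected_names(wanted, table))
```

The send_msg checks are not modelled here, since they are made between the sender and recipient contexts and do not consult dbus_contexts.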