From 615ed4b7bb27df080f408c652c70c4ef6ea7ffd0 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 11 Feb 2015 13:40:23 +0000 Subject: [PATCH 5/5] Add LinuxSecurityLabel to specification Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89041 --- doc/dbus-specification.xml | 51 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index a9a8c59..5128791 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml @@ -6013,6 +6013,57 @@ a domain or local computer user or "S-1-5-18" for the LOCAL_SYSTEM user + + + LinuxSecurityLabel + ARRAY of BYTE + + On Linux systems, the security label that would result + from the SO_PEERSEC getsockopt call. The array contains + the non-zero bytes of the security label in an unspecified + ASCII-compatible encoding + It could be ASCII or UTF-8, but could also be + ISO Latin-1 or any other encoding. + , followed by a single zero byte. + + For example, the SELinux context + system_u:system_r:init_t:s0 + (a string of length 27) would be encoded as 28 bytes + ending with ':', 's', '0', '\x00'. + Note that this is not the same as the older + GetConnectionSELinuxContext method, which does + not append the zero byte. Always appending the + zero byte allows callers to read the string + from the message payload without copying. + + + + On SELinux systems this is the SELinux context, as output + by ps -Z or ls -Z. + Typical values might include + system_u:system_r:init_t:s0, + unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023, + or + unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023. + + + On Smack systems, this is the Smack label. + Typical values might include + _, *, + User, System + or System::Shared. + + + On AppArmor systems, this is the AppArmor context, + a composite string encoding the AppArmor label (one or more + profiles) and the enforcement mode. + Typical values might include unconfined, + /usr/bin/firefox (enforce) or + user1 (complain). + + + + -- 2.1.4