Bug 105659 - Containers message filtering/policy (#101902): control over messages leaving container
Status: RESOLVED MOVED
Alias: None
Product: dbus
Classification: Unclassified
Component: core
Version: git master
Hardware: All All
Importance: medium enhancement
Assignee: D-Bus Maintainers
QA Contact: D-Bus Maintainers
Depends on: 105658
Blocks: 101902
Reported: 2018-03-21 12:48 UTC by Simon McVittie
Modified: 2018-10-12 21:34 UTC

Description Simon McVittie 2018-03-21 12:48:04 UTC
+++ This bug was initially created as a clone of Bug #101902 +++

[ ] Can add rules to give a contained app permission to send method calls
    [ ] ... to any bus name
    [ ] ... to specified bus names
    [ ] ... only if they are to a specified object path
    [ ] ... only if they are to a specified object path hierarchy (OBJECT_PATH_IS_SUBTREE flag)
    [ ] ... only if they are on a specified interface
    [ ] ... only if they are a specified member of a specified interface
[ ] Sending Unix fds is only allowed if a rule with the SEND_UNIX_FDS flag allows it
[ ] Can add rules to give a contained app permission to send unicast signals
    [ ] ... to any bus name
    [ ] ... to specified bus names
    [ ] ... only if they are from a specified object path
    [ ] ... only if they are from a specified object path hierarchy
    [ ] ... only if they are from a specified interface
    [ ] ... only if they are a specified member of a specified interface (INTERFACE_IS_REALLY_MEMBER flag, or some better name)
[ ] Can add rules to give a contained app permission to send broadcast signals outside its own container instance
    [ ] ... only if they are from a specified object path
    [ ] ... only if they are from a specified object path hierarchy
    [ ] ... only if they are from a specified interface
    [ ] ... only if they are a specified member of a specified interface
    [ ] Failing to send a broadcast does not return an error to the caller at all
    [ ] Failing to send a broadcast to an interested connection does notify monitors
[ ] Each method call sent can have exactly 1 reply, unless it has NO_REPLY_EXPECTED
[ ] If the sender cannot even SEE the proposed destination, the error returned does not allow discovery of whether the destination was even present (ideally check this before even finding out whether the destination exists)
[ ] Unit tests

To be designed
==============

One of these:

    * ACTIVATE flag controls StartServiceByName()
    * You can StartServiceByName(foo) if there is any method call that
      you would be allowed to send to foo

Out of scope
============

* Receiving non-reply messages
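
The method-call part of the checklist above, modelled as a default-deny allow-list. This is an added example, not part of the bug report and not dbus code: only the flag names OBJECT_PATH_IS_SUBTREE and SEND_UNIX_FDS come from the checklist, while `AllowRule`, `sample_allows`, the `org.example.*` names and the subtree-matching semantics are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical model, not dbus-daemon code; only the two flag names are from the bug. */
enum { OBJECT_PATH_IS_SUBTREE = 1 << 0, SEND_UNIX_FDS = 1 << 1 };

typedef struct {   /* NULL means "any"; member is only meaningful with interface */
    const char *bus_name, *path, *interface, *member;
    unsigned flags;
} AllowRule;

/* Constructed sample policy for one contained app. */
static const AllowRule sample_rules[] = {
    { "org.example.Notes", "/org/example/Notes", "org.example.Notes1", NULL, OBJECT_PATH_IS_SUBTREE },
    { "org.example.Files", "/org/example/Files", "org.example.Files1", "Open", SEND_UNIX_FDS },
};

static bool field_ok(const char *want, const char *got) {
    return want == NULL || (got != NULL && strcmp(want, got) == 0);
}

/* Assumed subtree semantics: the path itself or a descendant, compared on '/'
 * boundaries so /org/example/Notes does not cover /org/example/Notes2. */
static bool path_ok(const AllowRule *r, const char *path) {
    if (r->path == NULL) return true;
    if (path == NULL) return false;
    if (!(r->flags & OBJECT_PATH_IS_SUBTREE)) return strcmp(r->path, path) == 0;
    size_t n = strlen(r->path);
    if (n == 1) return true;   /* rule path "/" covers every object path */
    return strncmp(r->path, path, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Default deny: allowed only if one rule matches every field, and a message
 * carrying fds additionally needs SEND_UNIX_FDS on that same rule. */
bool sample_allows(const char *dest, const char *path, const char *iface,
                   const char *member, bool has_fds) {
    for (size_t i = 0; i < sizeof sample_rules / sizeof sample_rules[0]; i++) {
        const AllowRule *r = &sample_rules[i];
        if (field_ok(r->bus_name, dest) && path_ok(r, path) &&
            field_ok(r->interface, iface) && field_ok(r->member, member) &&
            (!has_fds || (r->flags & SEND_UNIX_FDS)))
            return true;
    }
    return false;
}
```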
Comment 1 GitLab Migration User 2018-10-12 21:34:23 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/204.

