Containers message filtering/policy (#101902): control over receiving Unix fds
Submitted by Simon McVittie
Assigned to D-Bus Maintainers
Link to original bug (#105657)
Description
+++ This bug was initially created as a clone of Bug #101902 +++
Allow rules (see Bug #101902) need to be able to opt-in to a container instance receiving Unix fds.
To be designed
One of:
- The rule's object path, bus name, interface must match the message
- The bus name must match but the object path and interface must be non-specific
- The object path, bus name, interface must be non-specific
One of:
- The flag works for both method calls and unicast signals and does not differentiate (this is a bit odd if filtering by path or interface is allowed, because they have different meanings in each direction)
- The flag is split into RECEIVE_UNIX_FD_METHOD_CALLS and RECEIVE_UNIX_FD_SIGNALS
- RECEIVE_UNIX_FDS is assumed to mean method calls because putting fds in signals is silly
Out of scope
- Sending Unix fds
- Receiving Unix fds in broadcast signals (which is ridiculous)
Version: git master