Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • D dbus
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 249
    • Issues 249
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 33
    • Merge requests 33
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • dbus
  • dbus
  • Issues
  • #203
Closed
Open
Created Mar 21, 2018 by Bugzilla Migration User@bugzilla-migration

Containers message filtering/policy (#101902): SEE access control

Submitted by Simon McVittie

Assigned to Simon McVittie

Link to original bug (#105658)

Description

+++ This bug was initially created as a clone of Bug #101902 +++

Implement the SEE access-control model as a step towards Bug #101902.

  • Allow list can contain tuples with SEE flag and bus name
  • If a contained peer calls ListActivatableNames, ListNames, NameHasOwner or GetNameOwner, names that it can SEE are not treated as if they didn't exist
  • A contained peer can see NameOwnerChanged signals where the name in question is one that it can SEE
  • If a contained peer can SEE a well-known name, then it can SEE the unique name that owns that well-known name too (the primary owner)
  • If a contained peer receives a method call or unicast signal from outside the container, then it receives SEE access to the sender's unique name
  • Add a named parameter or a special allow rule that lets the contained peer SEE every unique name
  • Bus name can be "" to match anything
  • Bus name can be combined with BUS_NAME_IS_SUBTREE flag to match like arg0namespace
  • Object path is ignored for SEE checks
  • Interface is ignored for SEE checks

To be designed

One of these:

* If a contained peer can SEE a well-known name, then it can SEE every
  unique name in the queue for that well-known name
* If a contained peer can SEE a well-known name, this does not affect
  whether it can SEE unique names that are in the queue for the
  well-known name but are not the primary owner

Version: git master

Depends on

  • Bug 105656

Blocking

  • Bug 101902
  • Bug 105659
  • Bug 105660
Assignee
Assign to
Time tracking