Bug 105659

Summary: Containers message filtering/policy (#101902): control over messages leaving container
Product: dbus
Reporter: Simon McVittie <smcv>
Component: core
Assignee: D-Bus Maintainers <dbus>
Status: RESOLVED MOVED
QA Contact: D-Bus Maintainers <dbus>
Severity: enhancement
Priority: medium
CC: alexl, bugzilla, dbus, desrt, james
Version: git master
Hardware: All
OS: All
Bug Depends on: 105658    
Bug Blocks: 101902    

Description Simon McVittie 2018-03-21 12:48:04 UTC
+++ This bug was initially created as a clone of Bug #101902 +++

[ ] Can add rules to give a contained app permission to send method calls
    [ ] ... to any bus name
    [ ] ... to specified bus names
    [ ] ... only if they are to a specified object path
    [ ] ... only if they are to a specified object path hierarchy (OBJECT_PATH_IS_SUBTREE flag)
    [ ] ... only if they are on a specified interface
    [ ] ... only if they are a specified member of a specified interface
[ ] Sending Unix fds is only allowed if a rule with the SEND_UNIX_FDS flag allows it
[ ] Can add rules to give a contained app permission to send unicast signals
    [ ] ... to any bus name
    [ ] ... to specified bus names
    [ ] ... only if they are from a specified object path
    [ ] ... only if they are from a specified object path hierarchy
    [ ] ... only if they are from a specified interface
    [ ] ... only if they are a specified member of a specified interface (INTERFACE_IS_REALLY_MEMBER flag, or some better name)
[ ] Can add rules to give a contained app permission to send broadcast signals outside its own container instance
    [ ] ... only if they are from a specified object path
    [ ] ... only if they are from a specified object path hierarchy
    [ ] ... only if they are from a specified interface
    [ ] ... only if they are a specified member of a specified interface
    [ ] Failing to send a broadcast does not return an error to the caller at all
    [ ] Failing to send a broadcast to an interested connection does notify monitors
[ ] Each method call sent can have exactly 1 reply, unless it has NO_REPLY_EXPECTED
[ ] If the sender cannot even SEE the proposed destination, the error returned does not allow discovery of whether the destination was even present (ideally check this before even finding out whether the destination exists)
[ ] Unit tests

To be designed
==============

One of these:

    * ACTIVATE flag controls StartServiceByName()
    * You can StartServiceByName(foo) if there is any method call that
      you would be allowed to send to foo

Out of scope
============

* Receiving non-reply messages
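
A minimal model of the method-call send rules in the checklist above, added here as an illustration; it is not code from dbus or from this bug. The flag names OBJECT_PATH_IS_SUBTREE and SEND_UNIX_FDS come from the checklist; the flag values, struct layouts, function names and sample bus names are assumptions, as is the reading that the rule that matches the call must itself carry SEND_UNIX_FDS.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Flag names are from the checklist; values and structs are hypothetical. */
#define OBJECT_PATH_IS_SUBTREE 0x1u
#define SEND_UNIX_FDS          0x2u

typedef struct {            /* a NULL field means "any" */
  unsigned flags;
  const char *bus_name, *path, *interface, *member;
} SendRule;
typedef struct {            /* interface may be NULL: it is optional on method calls */
  const char *dest, *path, *interface, *member;
  unsigned n_unix_fds;
} MethodCall;

/* Constructed sample policy; the names are made up for illustration. */
const SendRule sample_rules[] = {
  { OBJECT_PATH_IS_SUBTREE, "org.example.Store", "/org/example/app", "org.example.Files", NULL },
  { SEND_UNIX_FDS, "org.example.Portal", "/org/example/portal", "org.example.Portal", "OpenFile" },
};

/* A constrained field never matches a message that omits it. */
static bool field_ok(const char *want, const char *got) {
  return want == NULL || (got != NULL && strcmp(want, got) == 0);
}

/* Subtree match on whole components: "/a/b" covers "/a/b/c", never "/a/bc". */
static bool path_ok(const SendRule *r, const char *got) {
  if (r->path == NULL) return true;
  if (got == NULL) return false;
  if (!(r->flags & OBJECT_PATH_IS_SUBTREE)) return strcmp(r->path, got) == 0;
  if (strcmp(r->path, "/") == 0) return got[0] == '/';
  size_t n = strlen(r->path);
  return strncmp(r->path, got, n) == 0 && (got[n] == '\0' || got[n] == '/');
}

/* Default deny: some rule must match every field it constrains and,
 * when fds are attached, that same rule must have SEND_UNIX_FDS. */
bool may_send_method_call(const SendRule *rules, size_t n, const MethodCall *m) {
  for (size_t i = 0; i < n; i++) {
    const SendRule *r = &rules[i];
    if (!field_ok(r->bus_name, m->dest) || !path_ok(r, m->path)) continue;
    if (!field_ok(r->interface, m->interface) || !field_ok(r->member, m->member)) continue;
    if (m->n_unix_fds > 0 && !(r->flags & SEND_UNIX_FDS)) continue;
    return true;
  }
  return false;
}
```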

Comment 1 GitLab Migration User 2018-10-12 21:34:23 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/204.
