On 05/09/2013 01:32 PM, Tyler Hicks wrote:
> On 2013-05-09 15:20:56, Jamie Strandboge wrote:
>> On 05/09/2013 02:41 PM, John Johansen wrote:
>>>
>>> Let's look at it as local (subject) address and remote/peer address
>>>
>>> profile subject {
>>>
>>>   dbus name=well.known.address acquire,
>>>
>>>   dbus name=well.known.address receive,    # subject can receive messages on
>>>                                            # this well.known.address
>>>
>>>   dbus -> name=a.peer.address send,        # subject can send to a peer/remote
>>>                                            # process using the well known address a.peer.address
>>>
>>>   dbus -> name=a.peer.address receive,     # subject can receive a message
>>>                                            # from a peer/remote process that sent from its a.peer.address
>>>                                            # this case is unusual
>>>
>>> }
>>>
>>> note that send atomically gives permission to receive a reply, just not to
>>> receive arbitrary new messages
>>>
>>> the unusual case is the one that tyler pointed out as problematic, and
>>> I'm not sure it really is but I would like to get this right
>>>
>>
>> This explanation makes things a lot more clear for me. Part of my
>> problem was that I was trying to apply natural language to the rule, but
>> your explanation is clear.
>>
>> That said, and speaking for myself only, I think I got tripped up
>> because '->' suggests a direction. In most cases this works out ok, but
>> in the unusual case:
>>   dbus -> name=a.peer.address receive,
>
> Now that I think about it more, this rule should never be written. It
> says, "my peer (a.peer.address) can receive messages from anyone".
>
Nope, it says I can receive a message from my peer at a.peer.address.

Rules are always in the context of the subject; the permission is the subject's permission.

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
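As an added illustration that is not part of the thread or of any AppArmor policy: the same subject/peer split written in the dbus rule syntax AppArmor eventually shipped for D-Bus mediation, where owning a name is `bind`, the remote side is given as `peer=(...)` rather than with `->`, and `name=` is only valid on a `bind` rule (so a receive rule is scoped by the sender, not by the destination name). The `bus=session` qualifier and the `peer` profile are assumptions made for the example; the two well-known names are the thread's own.

```apparmor
# Added example, not from the thread: the subject/peer pairs discussed
# above in the dbus rule syntax AppArmor later shipped. bus=session and
# the "peer" profile are assumptions for illustration.

profile subject {
  # own the well-known name on the session bus (the thread's "acquire")
  dbus bind bus=session name=well.known.address,

  # receive messages addressed to us; with no peer= any sender matches
  dbus receive bus=session,

  # send to whichever process owns a.peer.address
  # (the thread's "dbus -> name=a.peer.address send")
  dbus send bus=session peer=(name=a.peer.address),

  # the thread's "unusual case": accept unsolicited messages that come
  # from whoever owns a.peer.address; the permission belongs to the
  # subject, it grants nothing to the peer
  dbus receive bus=session peer=(name=a.peer.address),
}

# the other side, so both halves of each exchange can be read together;
# D-Bus mediation checks the sender's send rule and the receiver's
# receive rule, so both profiles have to agree
profile peer {
  dbus bind bus=session name=a.peer.address,

  # let the subject's requests reach us
  dbus receive bus=session peer=(name=well.known.address),

  # let us push new messages to the subject
  dbus send bus=session peer=(name=well.known.address),
}
```

Reading the rules from the subject's side is the check John describes: every `dbus` line says what `profile subject` may do, and `peer=(...)` only names who is on the other end of that action.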