On 05/09/2013 01:32 PM, Tyler Hicks wrote:
> On 2013-05-09 15:20:56, Jamie Strandboge wrote:
>> On 05/09/2013 02:41 PM, John Johansen wrote:
>>>
>>> Let's look at it as local (subject) address and remote/peer address
>>>
>>> profile subject {
>>>
>>>   dbus name=well.known.address acquire,
>>>
>>>   dbus name=well.known.address receive,  # subject can receive messages on this well.known.address
>>>
>>>   dbus -> name=a.peer.address send,      # subject can send to a peer/remote process using the well known address a.peer.address
>>>
>>>   dbus -> name=a.peer.address receive,   # subject can receive a message from a peer/remote process that sent from its a.peer.address
>>>                                          # this case is unusual
>>>
>>> }
>>>
>>> Note that send atomically gives permission to receive a reply, just not to 
>>> receive arbitrary new messages.
>>>
>>> The unusual case is the one that Tyler pointed out as problematic, and 
>>> I'm not sure it really is, but I would like to get this right.
>>>
>>
>> This explanation makes things a lot more clear for me. Part of my
>> problem was that I was trying to apply natural language to the rule, but
>> your explanation is clear.
>>
>> That said, and speaking for myself only, I think I got tripped up
>> because '->' suggests a direction. In most cases this works out ok, but
>> in the unusual case:
>> dbus -> name=a.peer.address receive,
> 
> Now that I think about it more, this rule should never be written. It
> says, "my peer (a.peer.address) can receive messages from anyone".
> 
Nope, it says I can receive a message from my peer at a.peer.address.

Rules are always in the context of the Subject; the permission is the
Subject's permission.


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
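The following is an added example, not code from the thread or from AppArmor: a small Python model of the rule semantics John lays out above (local address vs. peer address, permissions always belonging to the subject, and a send rule atomically covering the reply but not arbitrary new messages). The `dbus ->` syntax is the proposal under discussion, not the final AppArmor grammar; the profile text, the `:1.42` unique name and the message shapes are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

PERMS = ("acquire", "send", "receive")


@dataclass(frozen=True)
class Rule:
    perm: str   # acquire | send | receive; always the subject's own permission
    name: str   # well-known address the rule names
    peer: bool  # True for "dbus -> name=...": the address is the peer's, not the subject's


def parse_rule(line: str) -> Rule:
    """Parse one rule in the shape used in the thread ('#' comments and a trailing comma tolerated)."""
    words = line.split("#", 1)[0].strip().rstrip(",").split()
    if not words or words[0] != "dbus":
        raise ValueError(f"not a dbus rule: {line!r}")
    rest, peer = words[1:], False
    if rest and rest[0] == "->":
        rest, peer = rest[1:], True
    if len(rest) != 2 or not rest[0].startswith("name="):
        raise ValueError(f"malformed dbus rule: {line!r}")
    name, perm = rest[0][len("name="):], rest[1]
    if perm not in PERMS:
        raise ValueError(f"unknown permission: {perm!r}")
    if perm == "acquire" and peer:
        raise ValueError("only the subject's own address can be acquired")
    return Rule(perm, name, peer)


def parse_profile(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.splitlines() if l.strip().startswith("dbus")]


@dataclass(frozen=True)
class Message:
    sender: str                     # well-known address the message was sent from
    dest: str                       # address it is addressed to (well-known or unique name)
    serial: int
    reply_to: Optional[int] = None  # serial of the call this message replies to


class Subject:
    """Mediates one confined process; sends are remembered by serial so the matching reply needs no receive rule."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.owned: Set[str] = set()        # well-known names we acquired
        self.outstanding: Set[int] = set()  # serials of our un-answered sends

    def _has(self, perm: str, name: str, peer: bool) -> bool:
        return any(r == Rule(perm, name, peer) for r in self.rules)

    def acquire(self, name: str) -> bool:
        ok = self._has("acquire", name, peer=False)
        if ok:
            self.owned.add(name)
        return ok

    def send(self, msg: Message) -> bool:
        # "dbus -> name=X send": the subject may send to the peer at X.
        ok = self._has("send", msg.dest, peer=True)
        if ok:
            self.outstanding.add(msg.serial)
        return ok

    def receive(self, msg: Message) -> bool:
        # Reply to one of our own sends: granted atomically by the send rule and
        # consumed, so the peer cannot keep sending "replies" to that serial.
        if msg.reply_to is not None and msg.reply_to in self.outstanding:
            self.outstanding.discard(msg.reply_to)
            return True
        # "dbus name=X receive": the subject may receive messages on its own address X.
        if msg.dest in self.owned and self._has("receive", msg.dest, peer=False):
            return True
        # "dbus -> name=X receive" (the unusual case): the subject may receive
        # new messages that the peer sent from its address X.
        return self._has("receive", msg.sender, peer=True)


# Constructed sample profiles in the thread's proposed syntax (not real policy).
BASIC_PROFILE = """
profile subject {
  dbus name=well.known.address acquire,
  dbus name=well.known.address receive,
  dbus -> name=a.peer.address send,
}
"""
PEER_RECEIVE_PROFILE = "profile subject {\n  dbus -> name=a.peer.address receive,\n}\n"
UNIQUE = ":1.42"  # assumed unique bus name of the subject; replies are addressed here


def demo_basic() -> Dict[str, bool]:
    s = Subject(parse_profile(BASIC_PROFILE))
    call = Message("well.known.address", "a.peer.address", serial=7)
    reply = Message("a.peer.address", UNIQUE, serial=99, reply_to=7)
    return {
        "acquire": s.acquire("well.known.address"),
        "send": s.send(call),
        "reply": s.receive(reply),          # the reply the send rule implies
        "second_reply": s.receive(reply),   # serial already consumed
        "unsolicited": s.receive(Message("a.peer.address", UNIQUE, serial=100)),
        "on_well_known": s.receive(Message("some.other.address", "well.known.address", serial=101)),
    }


def demo_peer_receive() -> Dict[str, bool]:
    s = Subject(parse_profile(PEER_RECEIVE_PROFILE))
    return {
        "from_peer": s.receive(Message("a.peer.address", UNIQUE, serial=1)),
        "from_other": s.receive(Message("some.other.address", UNIQUE, serial=2)),
    }
```

`demo_basic()` shows the send rule permitting exactly one reply and nothing else from the peer, while the local receive rule still admits messages addressed to the acquired well-known name; `demo_peer_receive()` shows that `dbus -> name=a.peer.address receive` is read from the subject's side: the subject may receive from that peer, and only from that peer.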