On Thu, May 09, 2013 at 03:08:35PM -0700, John Johansen wrote: > it depends how you look at it. To me it is changing the meaning of -> > of course I am now convinced that -> is just wrong and we need different > syntax, because -> just seems to have too many potential different > interpretations that could cause confusion
Or, we do a bit of jujitsu and -use- the meanings of -> as people seem to want to read it: do away with the word-based permissions. Stick with me :) dbus [address spec] acquire, # unchanged dbus [address spec] -> [address spec], # unidirectional dbus [address spec] <- [address spec], # unidirectional dbus [address spec] <-> [address spec], # bidirectional This does have a downside that identical rules could actually be written in two different ways: dbus name=foo.org.sender -> , dbus <- name=foo.org sender, -or- dbus -> name=foo.org.receiver, dbus name=foo.org.receiver <- , But if the arrows are so strongly tied to the direction information flows, we could just use it, and .. ignore the send and receive permissions entirely. We'd want to keep the implicitly added "you get to receive replies to the messages you send", of course. That's just too useful to get rid of. So? Eh? :) I'll take my MacArthur grant now, please. :)
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor