Hi Djalal, On 06/20/2014 06:49 PM, Djalal Harouni wrote: > This series adds the test-kdbus-policy test. The first patches are > prepration then you have the test. > > Later there are several fixes and improvments, I've performed all the > tests with success.
Very nice, thanks a lot for doing this! I'll comment on the individual patches. > I still have another series which deals with the send access cache, will > send it soon, or perhaps tomorrow it should go on top of this. Ok, great. > Please Kay, Daniel allow me this question: > > The policy holders are just connections that register policy entries! > They dont register names, so the registered policy entry wont take any > effect unless you acquire (register into database) its name ! That's correct. The idea here is to close the gap between name acquisition and the policy being applied, and the owner of a name should not be the same instance that decides who's allowed to own it, who may talk to it or see it. Likewise, a connection can only own a name on the system bus if there's a policy rule that allows just that, and the rule has to be added beforehand by the bus owner. > We need here two operations: > 1) register as a policy holder > 2) acquire the name to be able to send to that name and to activate > the policy rules. > > Is this the intended behaviour ? Yes, exactly, and installing a policy is a privileged operation. We thought a lot about the design here, and I think this is a good and clean solution. Did you understand that right away? Is there anything illogical about the idea you're concerned about? We're open to suggestions. After all, the code is not yet in production :) Thanks, Daniel _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel