On 2013-05-09 16:37:06, Jamie Strandboge wrote: > On 05/09/2013 04:13 PM, Tyler Hicks wrote: > > > Take this rule for example: > > > > dbus bus=session -> name=com.example.service path=/com/example/service > > interface=com.example.service receive, > > > > If we adjust our thinking a little it could mean, "a message that flows > > FROM anywhere TO com.example.service can be received under the > > current profile." > > > I don't understand this sentence. How can a message flow from anywhere > to com.example.service and be received by anywhere (which is what is the > subject of the current profile)?
It can't be received by anywhere. It can only be received by the application running under the profile containing that rule. I'll try my best to better explain this but I'm not confident I will make it any more clear. The conditionals are there to match a specific message flow. In this case, it is FROM anywhere (because there is no address conditional on the left side of the ->) TO com.example.service. The permission at the end is there to allow the current profile to do something when it encounters the message flow. In this case, it is to receive the message that matches the specified flow. So, that rule allows for receiving a message that flows from anywhere to com.example.service. > > I think my brain just melted... :) Clear as mud now? Tyler > > -- > Jamie Strandboge http://www.ubuntu.com/ >
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
