Hi,
On 12/01/2014 07:11 PM, Karol Lewandowski wrote:
I would be quite worried if "path taken by Tizen" would be radically
different
from upstream's. Ignoring community direction might cost us a lot in
long run
- and I do not think anyone would be interested in that,
I do believe we are considering this approach because:
(1) there is clear need for fine-grained policy checking
(2) upstream packages we are interested in do not implement it on
service side
(3) trying to change above does seem too much work compared to gains
it might bring.
... and I agree that in above cases implementing dynamic checks in
dbus-daemon
might be great idea.
However, what I would warn (and advise) against is delegating policy
checks to
dbus-daemon where we can implement it directly in given service without
too much
trouble (ie. all services we are *the* upstream of).
While this isn't problem for now I would encourage to really take into
account
that in next 1-2 years Linux systems are likely to be running without
dbus-daemon
at all.
Cheers,
I think that preparing security policy configuration files for services
will be beneficial regardless of the approach we take eventually. These
files define security policy in a declarative, easy to read way so
developer working on enforcing security checks on the service side
should find it usable.
Furthermore, in the (hopefully near) future we should know if
credentials will be part of D-Bus messages like it has been suggested
some time ago. This will make it possible to agree on the implementation
details.
Best regards,
--
Jacek Bukarewicz
Samsung R&D Institute Poland
Samsung Electronics
[email protected]
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
