--On Friday, August 08, 2008 01:47:51 PM -0700 Artem Kachitchkine 
<Artem.Kachitchkin at Sun.COM> wrote:

> Don't forget about method calls. DBus has pluggable authentication, but
> what's available now might not be sufficient. Also remember that in
> addition to session and system bus mode (over unix sockets), it also
> supports network mode (inet sockets) - which is not widely used, but
> something to consider wrt virtual environments.
>
> If you let your imagination go, DBus can be used for all kinds of
> information. If DBus sounds too foreign to you, think of sysevents and
> doors. They are as generic and subject to similar risks to DBus.

This is actually the key point.  DBus is not a repository of information; 
it is a fairly general IPC mechanism.  If two processes in different zones 
have access to the same DBus bus, then there is a communication channel 
between them, and the DBus daemon will almost certainly have to be made 
zone-aware and able to restrict what kind of communication is permitted 
between zones.

-- Jeff

Reply via email to