On Sat, Jun 07, 2014 at 06:58:50PM +0200, Daniel Mack wrote: > Hi Djalal, > > On 06/07/2014 06:47 PM, Djalal Harouni wrote: > > I'm sending this to have some updates on the policy! > > > > I did notice some issues and others still *to confirm*, so first I'm > > writing some policy tests to make sure we don't break. I'll clean what > > I've and get get back to you. > > Sure, thanks for having a look. Note that the endpoint policy is > currently not well tested, as we lack support for custom endpoints in > userland. This will change soon, and it might be that kernel-side corner > cases went unnoticed. Yes I noticed the custom endpoint part, I did write a test which didn't work, Ok!
So first, I'll try to help and test the bus policy. > > For the moment can you please confirm: > > > > 1) I assume the policy.c on the master branch is the correct one to > > work on? > > Yes. > > > 2) So buses and custom endpoints can have their own policy db. > > From reading the sources, I assume: > > > > * The two *share* the same internal format! > > Not only that, they also kind of share the same external interface. And > internally, they're exactly the same thing, yes. They are talked to > through different ioctls though, but the layout of items is the same, > and the code is written so that we can share as much as possible for > both APIs. Ok. > > * The two are unrelated, and the endpoint policy takes precedence over > > the bus policy when doing the talk check! > > Well, there no such thing as precedence really, they are simply checked > both. For example, when sending a message, both the endpoint and the bus > policy have to give TALK permission for the connections involved, > otherwise the message is rejected. I misread the code, indeed we check both of them. > But as I said, some of that code has not been in production yet, so > there might be minor updates in that area. Ok, many thanks Daniel! I'll clean what I've and get back to you. > Thanks, > Daniel > -- Djalal Harouni http://opendz.org _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel