[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensolaris-security-discuss
Subject:    Re: System D-Bus in TX environment
From:       Darren J Moffat <Darren.Moffat () Sun ! COM>
Date:       2008-08-12 9:33:52
Message-ID: 48A15900.3070103 () Sun ! COM
[Download RAW message or body]

Gary Winiger wrote:
>>> I'd like to have some discussion of the System D-Bus in a TX environment 
>>> - sorry for the long To: list but I'm not sure all the people with D-Bus 
>>> and TX experience are necessarily on security-discuss.
>>>
>>> Currently zones that represent TX labels have a session D-Bus but no 
>>> access to the system D-Bus.
>>>
>>> * What could we gain by providing access to the system D-Bus in a 
>>> labeled zone ?
>>>    What would work that is useful that doesn't now ?
>>>    What new things could we do using D-Bus that would benefit labeled
>>>    zones ?
>>>    Are there existing things we could solve easier ?
>> Artem should confirm since he knows better than I, but I think the only
>> thing that uses the system bus on Solaris is HAL.  So, I suspect that
>> removable media support in zones may not work in a reasonable way.
>> But it's perhaps also unclear how removable media should be mounted
>> in a multi-zone environment.
> 
> 	So Y'all know that there's a Solaris Hardening Program (which
> 	includes TX) project that's been underway for a while working
> 	with various folk on "device allocation", so if HAL and
> 	devices are part of the commentary from Darren, I suggest that
> 	whomever is interested in carrying on the discussion contact Craig
> 	Payne as he's managing the work.

I'm aware of the "device allocation" part, but part of the intent of 
this thread was to find out what other messages would appear on the 
system D-Bus other than ones covered by "device allocation".  Based on 
what has been done in the past I expect "device allocation" to cover at 
least audio and mass-storage.

-- 
Darren J Moffat
_______________________________________________
security-discuss mailing list
security-discuss@opensolaris.org
[prev in list] [next in list] [prev in thread] [next in thread]