author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-11 13:40:23 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-18 10:35:05 +0000 |
commit | 82f9f6423adbcd2e14021e849c7d20e9348390dc (patch) | |
tree | 6b208ba32a743ae11281208ed3f4506d229efcf9 /doc | |
parent | 2e6879bc1b399c982a6d8599a641196fd4d46c0a (diff) | |
download | dbus-82f9f6423adbcd2e14021e849c7d20e9348390dc.tar.gz |
Add LinuxSecurityLabel to specification
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89041
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/dbus-specification.xml | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml index a9a8c591..51287914 100644 --- a/doc/dbus-specification.xml +++ b/doc/dbus-specification.xml 
@@ -6013,6 +6013,57 @@ a domain or local computer user or "S-1-5-18" for the LOCAL_SYSTEM user</entry> </row> + + <row> + <entry>LinuxSecurityLabel</entry> + <entry>ARRAY of BYTE</entry> + <entry> + <para>On Linux systems, the security label that would result + from the SO_PEERSEC getsockopt call. The array contains + the non-zero bytes of the security label in an unspecified + ASCII-compatible encoding<footnote> + <para>It could be ASCII or UTF-8, but could also be + ISO Latin-1 or any other encoding.</para> + </footnote>, followed by a single zero byte.</para> + <para> + For example, the SELinux context + <literal>system_u:system_r:init_t:s0</literal> + (a string of length 27) would be encoded as 28 bytes + ending with ':', 's', '0', '\x00'.<footnote> + <para>Note that this is not the same as the older + GetConnectionSELinuxContext method, which does + not append the zero byte. Always appending the + zero byte allows callers to read the string + from the message payload without copying.</para> + </footnote> + </para> + <para> + On SELinux systems this is the SELinux context, as output + by <literal>ps -Z</literal> or <literal>ls -Z</literal>. + Typical values might include + <literal>system_u:system_r:init_t:s0</literal>, + <literal>unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023</literal>, + or + <literal>unconfined_u:unconfined_r:chrome_sandbox_t:s0-s0:c0.c1023</literal>. + </para> + <para> + On Smack systems, this is the Smack label. + Typical values might include + <literal>_</literal>, <literal>*</literal>, + <literal>User</literal>, <literal>System</literal> + or <literal>System::Shared</literal>. + </para> + <para> + On AppArmor systems, this is the AppArmor context, + a composite string encoding the AppArmor label (one or more + profiles) and the enforcement mode. + Typical values might include <literal>unconfined</literal>, + <literal>/usr/bin/firefox (enforce)</literal> or + <literal>user1 (complain)</literal>. 
+ </para> + </entry> + </row> + </tbody> </tgroup> </informaltable> |
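Review bot: In the first <para> of the new LinuxSecurityLabel entry, the value is defined both as "the security label that would result from the SO_PEERSEC getsockopt call" and as the non-zero bytes followed by a single zero byte, without saying which side is responsible for that terminator. Suggest stating explicitly that the array always ends in exactly one zero byte regardless of what getsockopt returned, so that a consumer reading the string in place from the message payload (the zero-copy use the second footnote describes) knows it can rely on the terminator, and a producer knows to add or trim it. The entry also does not say what a caller sees when no label is available, for example whether the key is simply omitted; one sentence covering that would help. In the AppArmor paragraph, the example values mix a bare label (unconfined) with label-plus-mode forms such as "/usr/bin/firefox (enforce)", but the composite format is never defined; either reference where that format is specified or tell consumers to treat the value as opaque and compare it byte for byte, which also fits the "unspecified ASCII-compatible encoding" wording.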