blob: f28cc824453d9561ff50e26c0fcc14f21c1956af (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
Features:
- check guards for all privileged-only operations:
- activation
- monitor
- impersonation
- name register
- $UID prefix
- ns creation
- ep prefixing
- policy, policy for custom endpoints
- attach seclabel to names?
- attach policy to names? Where/how to store names from policy but
otherwise inactive names (name laceholders).
- find a way to specify "name prefix wildcards" like:
"com.expample.foo.* can be owned by uid foo"
- also attach queued names to metadata?
- account and limit number of messages a connection can have in-flight
for another connection, like a connection can have a maximum of 100
messages in-flight, but only 10 of them for the same connection
- limit the number of buses an ordinary user can create
- limit the number of connections per uid
- allow to update the metadata subscription bit mask
- support the creation of anonymous buses
- actually return compatible/incompatible flags to users
External API:
- rules for:
-unknown items to ignore in userspace lib?
-unknown items to ignore if SEND sees them?
- review all different structures of custom ioctls and items if they
can be further unified
|