Support "app" based trust management with trust.d #281
Replies: 2 comments
-
With trust.d you can create multiple trust files. However, the fapolicyd daemon does not hold the file name any longer after reading the file.
-
Yep, this is a good point. Right now we only parse the lmdb for a source of trust. To achieve the modularity and provenance I was getting at in the original post we will either have to track "apps" in application storage somewhere (XDG most likely) or will have to start parsing the file trust sources ourselves. Organizing our "apps" in trust.d lets us avoid having to check sync between our state and the trust.d state (e.g. check if someone edited those by hand outside our app). So that would seem to be the place to start.
-
Given the addition of trust.d support we could move to a design that is aware of app bundles for trust and manage those bundles in their own entry in the trust directory.
Currently we flatten everything to the fapolicyd.trust file, which is simple for writing, but will eventually create some difficulty in reasoning about what has been added to that file.
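An added sketch (not part of the discussion or the project's code) of parsing the trust directory directly so each trusted path keeps the name of the file, or "app", that declared it. It assumes one whitespace-separated `path size sha256` entry per line with `#` comments; the function names and the sample bundles `appA` and `appB` are hypothetical.

```python
import tempfile
from collections import defaultdict
from pathlib import Path

def load_trust_d(trust_dir):
    """Return {app_name: {path: (size, sha256)}}, one app per file in trust_dir."""
    apps = {}
    for f in sorted(Path(trust_dir).iterdir()):
        if not f.is_file():
            continue
        entries = {}
        for line in f.read_text().splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            # Split from the right so a path containing spaces stays intact.
            path, size, digest = line.rsplit(None, 2)
            entries[path] = (int(size), digest)
        apps[f.name] = entries
    return apps

def provenance(apps):
    """Map each trusted path to the (app, size, sha256) tuples that declare it."""
    owners = defaultdict(list)
    for app, entries in apps.items():
        for path, (size, digest) in entries.items():
            owners[path].append((app, size, digest))
    return dict(owners)

def conflicts(owners):
    """Paths declared by several apps with a differing size or hash."""
    return {p: o for p, o in owners.items()
            if len({(s, d) for _, s, d in o}) > 1}

def demo():
    # Constructed sample data: two hypothetical app bundles with fake hashes.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "appA").write_text(
            "# bundle for appA\n/opt/appA/bin/run 100 " + "a" * 64 + "\n"
            "/opt/shared/lib.so 200 " + "b" * 64 + "\n")
        Path(d, "appB").write_text(
            "/opt/appB/bin/run 300 " + "c" * 64 + "\n"
            "/opt/shared/lib.so 250 " + "d" * 64 + "\n")
        owners = provenance(load_trust_d(d))
        return owners, conflicts(owners)

if __name__ == "__main__":
    print(sorted(demo()[1]))
```

Because the file name is the only provenance record, a path that appears in two bundles with different size or hash is worth surfacing before the entries are merged into one trust source.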