[Apparmor-dev] desktop notifications
John Johansen
jjohansen at suse.de
Wed Dec 31 18:28:27 MST 2008
Currently AppArmor uses an audit dispatcher replacement that sends a
signal out over the system dbus. On the desktop there is an applet that
listens for the signals and puts up an alert.
This scheme has a few problems.
- it requires a custom applet
- notifications aren't integrated into the standard system notification
framework. This will be more of a problem with Ubuntu's new
notification system.
- all rejects are sent to all users, whether or not the user should be
able to receive them, i.e. User A can see rejects affecting User B.
The applet could filter these messages, but it would be better if a
given user cannot see another user's rejects.
I have been gradually reworking the dispatcher, so that it is more
useful. First off, it will come in two versions:
- an audit dispatcher/audit plugin
- a daemon that can be started by and work with syslog/syslog-ng.
This split isn't technically necessary but it allows for packaging to
have reduced dependencies.
The dispatcher itself is getting an update to send signals to the user's
session bus instead of the system bus. This enables the dispatcher to
select which users should receive a signal so that we don't have the
problem of User A seeing User B's rejects.
The signals can be sent in two forms:
- a notification event using libnotify, eliminating the need for an
applet for basic notifications.
- a custom signal carrying extra information, that an applet can
leverage to provide extra information and eventually be used to
directly update profiles, etc.
The dispatcher will have a configuration file that governs which users
receive messages by default and which messages can be received.
E.g. a sysadmin may want to receive all rejects, or perhaps system
rejects and only his own rejects (not other users). This will become a
larger issue when AppArmor picks up the ability to enforce user defined
policy.
A user should be able to override some of the default settings
governing which messages they receive, e.g. a user may want to see a
notification per reject, or may not want to receive notification popups.
For a user to customize their notifications there are two methods:
either through an applet which communicates the user's preferences to the
dispatcher daemon, or through a command line app that can be called on
session startup and communicate the user's preferences.
I believe inter-machine messaging can be mostly handled by audit and
syslog, with a dispatcher on the target machine. Any cases where this
is not so?
Are there other methods or forms of notification that are desirable?
A console based notification, perhaps?
john
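
The per-user routing decision proposed in the message above, sketched as an added example; it is not code from the post or from the AppArmor project. The policy layout, the scope names (`own`, `system+own`, `all`), the opt-out set and the uid cutoff are hypothetical, and the audit lines are constructed samples.

```python
import re

# Constructed sample records in the style of AppArmor audit lines.
SAMPLE = [
    'type=AVC msg=audit(1.0:1): apparmor="DENIED" operation="open" '
    'profile="/usr/bin/evince" name="/home/b/.ssh/id_rsa" fsuid=1001 ouid=1001',
    'type=AVC msg=audit(2.0:2): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/cupsd" name="/etc/shadow" fsuid=108 ouid=0',
    'type=AVC msg=audit(3.0:3): apparmor="ALLOWED" operation="open" '
    'profile="/usr/bin/evince" name="/tmp/x" fsuid=1001 ouid=1001',
]

# Hypothetical policy: scope per uid, everyone else gets the default.
POLICY = {"default": "own", "users": {1000: "system+own", 1003: "all"}}
SYSTEM_UID_MAX = 999  # assumption: uids below 1000 are system accounts

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Split an audit line into a dict of key -> unquoted value."""
    return {k: q or raw for k, q, raw in FIELD.findall(line)}

def wants(scope, viewer, subject):
    """Decide whether `viewer` may see a reject caused by uid `subject`."""
    if scope == "all":
        return True
    if viewer == subject:
        return scope in ("own", "system+own")
    return scope == "system+own" and subject <= SYSTEM_UID_MAX

def recipients(line, sessions, policy=POLICY, optout=frozenset()):
    """Return the uids whose session bus should get this reject."""
    rec = parse(line)
    if rec.get("apparmor") != "DENIED" or "fsuid" not in rec:
        return []  # not a reject, or no uid to attribute it to: notify nobody
    subject = int(rec["fsuid"])
    return sorted(u for u in sessions if u not in optout
                  and wants(policy["users"].get(u, policy["default"]), u, subject))

if __name__ == "__main__":
    for line in SAMPLE:
        print(recipients(line, {1000, 1001, 1002, 1003}))
```

Deciding recipients before anything is put on a bus is what keeps User A from seeing User B's rejects; filtering in the applet would still deliver the record to every session.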