Re: [GIT PULL] kdbus for 4.1-rc1

[Richard Weinberger]

Am 30.04.2015 um 14:40 schrieb Åukasz Stelmach:
> It was <2015-04-30 czw 14:23>, when Richard Weinberger wrote:
>> Am 30.04.2015 um 14:16 schrieb Åukasz Stelmach:
>>> It was <2015-04-30 czw 12:40>, when Richard Weinberger wrote:
>>>> Am 30.04.2015 um 12:19 schrieb Åukasz Stelmach:
>>>>> It was <2015-04-30 czw 11:12>, when Richard Weinberger wrote:
>>>>>> Am 30.04.2015 um 11:05 schrieb Åukasz Stelmach:
>>>>>>> Regardless, of initrd issues I feel there is a need of a local IPC
>>>>>>> that is more capable than UDS. 
> [...]
>>>>> For example, a service can't aquire credentials of a client process that
>>>>> actually sent a request (it can, but it can't trust them). The service
>>>>> can't be protected by LSM on a bus that is driven by dbus-daemon. Yes,
>>>>> dbus-daemon, can check client's and srevice's labels and enforce a
>>>>> policy but it is going to be the daemon and not the LSM code in the
>>>>> kernel.
>>>>
>>>> That's why I said we can think of new kernel features if they are
>>>> needed.  But they current sink or swim approach of kdbus folks is also
>>>> not the solution.  As I said, if dbus-daemon utilizes the kernel
>>>> interface as much as possible we can think of new features.
>>>
>>> What kernel interfaces do you suggest to use to solve the issues
>>> I mentioned in the second paragraph: race conditions, LSM support (for
>>> example)?
>>
>> The question is whether it makes sense to collect this kind of meta data.
>> I really like Andy and Alan's idea improve AF_UNIX or revive AF_BUS.
> 
> Race conditions have nothing to do with metadata. Neither has LSM
> support.

Sorry, I thought you mean the races while collecting metadata in userspace...

> AF_UNIX with multicast support wouldn't be AF_UNIX anymore.
> 
> AF_BUS? I haven't followed the discussion back then. Why do you think it
> is better than kdbus?

Please see https://lwn.net/Articles/641278/

Thanks,
//richard

Attachment: signature.asc
Description: OpenPGP digital signature