[rfc] move activation to a helper process
John (J5) Palmieri
johnp at redhat.com
Mon Oct 16 09:45:48 PDT 2006
On Mon, 2006-10-16 at 10:21 -0400, David Zeuthen wrote:
> Hi,
>
> Here's an almost finished patch for moving activation into a helper
> process. This enables us to fork off the activation helper early and
> keep it running as root, thus being able to make activation on the
> system message bus useful.
>
> Details
>
> - Move some test harness around
> - BusContext now requires a function to clean up
> - The bus process and the helper process communicate over a pair
> of pipes. I specifically avoided using D-Bus as the IPC because
> if the bus process is compromised the likely way it is compromised
> is by libdbus being compromised. The protocol is very custom and
> simple. Should be feasible to do security audits on it.
> - Helper process is written with paranoia in mind - it does not trust
> the bus process
> - There's a new 'User' key that can be set in service files to specify
> what user to run the activated service as
>
> TODO's
>
> - What should we do if 'User' key is not set for system bus activation?
> Just run it as root?
> - Conversely, what to do if 'User' key is set for session bus
> activation? Just refuse to run it?
> - The test suite fails, says OOM handling doesn't work. I'm looking at
> this, I think I'm doing the wrong thing if a BusTransactions fails,
> should be feasible to fix (any quick ideas what I'm doing wrong?)
> Apart from OOM handling the test suite works and this is good as the
> test suite exercises a lot of the activation subsystem.
> - Not sure how to do OOM tests for helper since it's a separate
> process, ideas welcome
> - Not sure how add meaningful tests to activation-helper.c, ideas
> welcome too
> - Some general cleanups and removing some noise I've introduced in
> places.
>
> Anyway, I think the patch is in a state and I'd like feedback on the
> approach and details too. Thanks!
It is a pretty large patch and I do not want it in 1.0 personally. I
would prefer it be in 1.1 and tested for a long time. To that end I am
sure we would add the patch to OLPC to get that testing in since we need
some of its functionality.
I will look at the patch in more depth when I have some time. If others
think it should go in 1.0, let me know but there is a high barrier as it
is not blocking any of our core use cases for 1.0.
--
John (J5) Palmieri <johnp at redhat.com>
More information about the dbus
mailing list