D-Bus User Bus

Lennart Poettering mzqohf at 0pointer.de
Wed May 19 20:03:30 PDT 2010 

On Wed, 19.05.10 22:12, Havoc Pennington (hp at pobox.com) wrote:

> 
> Hi,
> 
> On Wed, May 19, 2010 at 10:04 PM, Lennart Poettering <mzqohf at 0pointer.de> wrote:
> > Maybe as long as this only covers a gconf setting or two. But I am
> > pretty sure if actual data loss is involved then people would be pretty
> > pissed and ask "Why didn't warn me that app in advance?"
> 
> What is the actual data loss beyond some settings?

think gnote/tomboy. Would you vouch that that tools is NFS safe? And
there are more systemd like that.

> > There are more things than just files that have to be managed:
> > hardware, network services, and so on. Think PA. Think Rygel. Think
> > gnome-user-share. gnome-bluetooth. telepathy. And so on. For them $HOME
> > on NFS is completely irrelevant, but they are inherently per-machine,
> > not per-session.
> 
> I think this is the less-common case, compared to "every other app
> that isn't hardware-related" which is the common case.

well, I see it like this: we have three sets of processes on the bus:

1) those which are bound to $HOME (i.e. gconfd, eds)

2) those which are bound to the machine (i.e. everything that manages
   hardware or offers a network service)

3) those which are bound to the display (i.e. all GUI apps, gnome-settings-daemon)

where sizeof(1) < sizeof(2) < sizeof(3).

> > I'd argue that parallel logins of the same user on the same machines is
> > way more likely than parallel network logins.
> 
> Really? when is it useful? (other than ssh, anyway)

Nah, ssh is the answer here. I'd argue it is more commonly used than
shared NFS $HOME.

> > And that's reason enough to fix the local case even if the network
> > stuff is not really figured out. The NFS situation is borked anyway,
> > because we have no good channel for communication, and so on. And so
> > far nobody really cared about this,
> 
> This is just not true. People have heavily cared about it in the past
> and flipped out when it broke.

Hmm? I am speaking of D-Bus here. I have never seen any realistic
approach to make D-Bus really network aware so that it is really bound
to the $DISPLAY.

Have you?

What would the communication channel be?

> > I am strongly against mixing priviliged with unpriviliged services on
> > one bus. This is just a call for a security desaster.
> 
> Most of the stuff on the system bus is not especially privileged, or
> has only the exact privs it needs. And all users/apps can connect to
> the system bus anyhow.

Well, using a bus service and providing a bus name are two (vastly)
different things.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4

More information about the dbus mailing list