DBUS_TYPE_LINUX_CRED ?
Lennart Poettering
mzqohf at 0pointer.de
Fri Dec 13 10:17:58 PST 2013
On Fri, 13.12.13 11:39, Serge Hallyn (serge.hallyn at ubuntu.com) wrote:
> Hi,
>
> dbus-protocol.h defines DBUS_TYPE_UNIX_FD as an iter type which can
> be appended to a message. Would it be acceptable to add something
> along the lines of DBUS_TYPE_LINUX_CRED ? Better yet, is there already
> a way of sending a struct ucred as SCM_CREDENTIAL by appending it to
> a dbus message?
You can also query the identity of a bus peer with the bus driver calls
GetConnectionUnixUser and GetConnectionUnixProcessID.
In kdbus you will also get a variety of creds attached to all messages
implicitly (pid, gid, uid, pid_starttime, tid, comm, tid_comm, cmdline,
cgroup, unit, slice, user unit, session, owner uid, eff caps, inh caps,
perm caps, bounding caps, selinux context, audit session, audit login
uid), and this can be selected by the receiver.
> The goal of doing this is not to authenticate the client, but to
> pass pids and uids across namespaces and have the kernel translate
> them. So the cred sent along with the null byte is akin to what I
> need, but it's not what I need.
I am pretty sure it would be wrong to have something like this as data
type. This data should be appended implicitly, not explicitly.
Lennart
--
Lennart Poettering, Red Hat
More information about the dbus
mailing list