mzqohf at 0pointer.de
Fri Dec 13 10:17:58 PST 2013
On Fri, 13.12.13 11:39, Serge Hallyn (serge.hallyn at ubuntu.com) wrote:

> dbus-protocol.h defines DBUS_TYPE_UNIX_FD as an iter type which can
> be appended to a message. Would it be acceptable to add something
> along the lines of DBUS_TYPE_LINUX_CRED ? Better yet, is there already
> a way of sending a struct ucred as SCM_CREDENTIAL by appending it to
> a dbus message?

You can also query the identity of a bus peer with the bus driver calls
GetConnectionUnixUser and GetConnectionUnixProcessID.

In kdbus you will also get a variety of creds attached to all messages
implicitly (pid, gid, uid, pid_starttime, tid, comm, tid_comm, cmdline,
cgroup, unit, slice, user unit, session, owner uid, eff caps, inh caps,
perm caps, bounding caps, selinux context, audit session, audit login
uid), and this can be selected by the receiver.

> The goal of doing this is not to authenticate the client, but to
> pass pids and uids across namespaces and have the kernel translate
> them. So the cred sent along with the null byte is akin to what I
> need, but it's not what I need.

I am pretty sure it would be wrong to have something like this as data
type. This data should be appended implicitly, not explicitly.

Lennart Poettering, Red Hat