DBUS_TYPE_LINUX_CRED ?
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Dec 13 12:19:14 PST 2013
Quoting Lennart Poettering (mzqohf at 0pointer.de):
> On Fri, 13.12.13 11:39, Serge Hallyn (serge.hallyn at ubuntu.com) wrote:
>
> > Hi,
> >
> > dbus-protocol.h defines DBUS_TYPE_UNIX_FD as an iter type which can
> > be appended to a message. Would it be acceptable to add something
> > along the lines of DBUS_TYPE_LINUX_CRED ? Better yet, is there already
> > a way of sending a struct ucred as SCM_CREDENTIAL by appending it to
> > a dbus message?
>
> You can also query the identity of a bus peer with the bus driver calls
> GetConnectionUnixUser and GetConnectionUnixProcessID.
>
> In kdbus you will also get a variety of creds attached to all messages
> implicitly (pid, gid, uid, pid_starttime, tid, comm, tid_comm, cmdline,
> cgroup, unit, slice, user unit, session, owner uid, eff caps, inh caps,
> perm caps, bounding caps, selinux context, audit session, audit login
> uid), and this can be selected by the receiver.
>
> > The goal of doing this is not to authenticate the client, but to
> > pass pids and uids across namespaces and have the kernel translate
> > them. So the cred sent along with the null byte is akin to what I
> > need, but it's not what I need.
>
> I am pretty sure it would be wrong to have something like this as data
> type. This data should be appended implicitly, not explicitly.

It can't be done implicitly, though, since dbus doesn't know which
ucred I want to send. I'm not authenticating as that task, I just need
an unambiguous namespace-independent identifier for it.

thanks,
-serge