Serge Hallyn serge.hallyn at ubuntu.com
Fri Dec 13 12:19:14 PST 2013

Quoting Lennart Poettering (mzqohf at 0pointer.de):
> On Fri, 13.12.13 11:39, Serge Hallyn (serge.hallyn at ubuntu.com) wrote:
> > Hi,
> > 
> > dbus-protocol.h defines DBUS_TYPE_UNIX_FD as an iter type which can
> > be appended to a message.  Would it be acceptable to add something
> > along the lines of DBUS_TYPE_LINUX_CRED ?  Better yet, is there already
> > a way of sending a struct ucred as SCM_CREDENTIAL by appending it to
> > a dbus message?
> You can also query the identity of a bus peer with the bus driver calls
> GetConnectionUnixUser and GetConnectionUnixProcessID.
> In kdbus you will also get a variety of creds attached to all messages
> implicitly (pid, gid, uid, pid_starttime, tid, comm, tid_comm, cmdline,
> cgroup, unit, slice, user unit, session, owner uid, eff caps, inh caps,
> perm caps, bounding caps, selinux context, audit session, audit login
> uid), and this can be selected by the receiver.
> > The goal of doing this is not to authenticate the client, but to
> > pass pids and uids across namespaces and have the kernel translate
> > them.  So the cred sent along with the null byte is akin to what I
> > need, but it's not what I need.
> I am pretty sure it would be wrong to have something like this as data
> type. This data should be appended implicitly, not explicitly.

It can't be done implicitly, though, since dbus doesn't know which
ucred I want to send.  I'm not authenticating as that task, I just need
an unambiguous namespace-independent identifier for it.


More information about the dbus mailing list