mzqohf at 0pointer.de
Fri Dec 13 18:47:44 PST 2013
On Fri, 13.12.13 14:19, Serge Hallyn (serge.hallyn at ubuntu.com) wrote:
> > > The goal of doing this is not to authenticate the client, but to
> > > pass pids and uids across namespaces and have the kernel translate
> > > them. So the cred sent along with the null byte is akin to what I
> > > need, but it's not what I need.
> > I am pretty sure it would be wrong to have something like this as data
> > type. This data should be appended implicitly, not explicitly.
> It can't be done implicitly, though, since dbus doesn't know which
> ucred I want to send. I'm not authenticating as that task, I just need
> an unambiguous namespace-independent identifier for it.
What is your goal with that, and why do you think that D-Bus should
solve this for you?
If you need to be able to translate PIDs or UIDs between namespaces,
then maybe add some facility to th kernel that allows that, but I fail
to see why D-Bus should bother doing that for you?
And how would D-Bus even translate those PIDs if they are in the payload?
Lennart Poettering, Red Hat
More information about the dbus