Necessity to provide support for SCM_CREDENTIALS

[Lennart Poettering]

On Wed, 05.11.14 14:14, Mateusz Malicki (m.malicki2 at samsung.com) wrote:

> Hello,
> 
> I am working with dbus-daemon launched in container (enabled user
> namespace).
> Client library (outside user namespace) isn't able to connect to dbus with
> EXTERNAL authentication mechanism. Dbus-daemon doesn't support for
> SCM_CREDENTIALS.
> This fact is written directly in source code:
> 
> dbus/dbus-sysdeps-unix.c +1785
> 
>     /* Supported by at least Linux and OpenBSD, with minor differences.
> *
>      * This mechanism passes the process ID through and does not require
>      * the peer's cooperation, so we prefer it over all others. Notably,
>      * Linux also supports SCM_CREDENTIALS, which is similar to FreeBSD
>      * SCM_CREDS; it's implemented in GIO, but we don't use it in dbus at
> all,
>      * because this is much less fragile.
>      */
> 
> 
> Why it isn't implemented?
> If there is green light to implement support for SCM_CREDENTIALS?

My recommendation would be to fork() off a short-lived process, make
that process join the container's namespace and then create and
connect the connection socket there, and pass it back to the parent
via fd passing. The forked off process can then exit.

This way the connection is from a process inside the container, with
valid credentials inside of the container. 

This is in fact what we do in systemd's "sd-bus" dbus library, as part
of the sd_bus_open_system_container() call that creates a bus
connection to the system bus of any local container.

Lennart

-- 
Lennart Poettering, Red Hat